<div dir="ltr"><div>Thank you for rescuing this email from spam.<br><br></div><div>Does anyone have any idea to reload ipsec config without affecting the existing tunnels?<br></div><div><div><div class="gmail_extra"><br clear="all">
<div><br>Best regards,<br>Steve<br><br></div>
<br><br><div class="gmail_quote">2013/7/5 Steve Leung <span dir="ltr"><<a href="mailto:kesteve@kesteve.com" target="_blank">kesteve@kesteve.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="HOEnZb"><div class="h5"><div dir="ltr"><div dir="ltr"><div class="gmail_quote"><div dir="ltr"><div><div>Hi guys,<br><br></div>I have OpenSWAN running when system boot, with several connections defined, one of them is using X.509 certificate.<br>
<br>
My system clock will be reset every time when I restart the system, (i.e. reset to Jan 01 2010), and the time will be corrected by NTP within a few minutes after boot. The problem is, when pluto start and try to load the certs, it will complain: "X.509 certificate is not valid until Aug 16 09:22:00 UTC 2012 (it is now=Jan 01 00:02:10 UTC 2010)". I'll need to run "ipsec setup restart" after NTP corrected the time, but this will disconnect all the existing connections. <br>
<br></div>Is there any commands to reload the certs? There is `ipsec auto --rereadall` but it only reload the cacerts/crls/etc but not for /etc/ipsec.d/certs (i.e. leftcert and rightcert defined in /etc/ipsec.conf). <br>
<br>
Is it possible to reload the configuration file without interrupting established connections?<br clear="all"><div><div><div><div><div><div><br></div><div>Thank you :)<br></div><div><br>Best regards,<br>Steve<br><div><br>
</div>
</div>
</div></div></div></div></div></div>
</div><br></div></div>
</div></div></blockquote></div><br></div></div></div></div>