<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN">
<html><body style='font-family: Arial,Helvetica,sans-serif'>
<p>For a single tunnel try "ipsec auto --replace {conn-name}".</p>
<p>On 2013-07-15 07:05, Timmy wrote:</p>
<blockquote type="cite" style="padding-left:5px; border-left:#1010ff 2px solid; margin-left:5px">
<div class="moz-cite-prefix">On Ubuntu:<br /> service ipsec {start|stop|restart|reload|force-reload|condrestart|try-restart|status|version}<br /><br /></div>
<blockquote type="cite" style="padding-left:5px; border-left:#1010ff 2px solid; margin-left:5px">
<div dir="ltr">
<div>Thank you for rescuing this email from spam.<br /><br /></div>
<div>Does anyone have any idea how to reload the ipsec config without affecting the existing tunnels?</div>
<div>
<div>
<div class="gmail_extra"><br clear="all" />
<div><br /> Best regards,<br /> Steve<br /><br /></div>
<br /><br />
<div class="gmail_quote">2013/7/5 Steve Leung <span>&lt;<a href="mailto:kesteve@kesteve.com">kesteve@kesteve.com</a>&gt;</span><br />
<blockquote class="gmail_quote" style="border-left: 1px #ccc solid; padding-left: 1ex;">
<div class="HOEnZb">
<div class="h5">
<div dir="ltr">
<div dir="ltr">
<div class="gmail_quote">
<div dir="ltr">
<div>
<div>Hi guys,<br /><br /></div>
I have OpenSWAN running when the system boots, with several connections defined; one of them is using an X.509 certificate.<br /><br /> My system clock is reset every time I restart the system (i.e. reset to Jan 01 2010), and the time is corrected by NTP within a few minutes after boot. The problem is, when pluto starts and tries to load the certs, it complains: "X.509 certificate is not valid until Aug 16 09:22:00 UTC 2012 (it is now=Jan 01 00:02:10 UTC 2010)". I need to run "ipsec setup restart" after NTP has corrected the time, but this disconnects all the existing connections. <br /><br /></div>
Are there any commands to reload the certs? There is `ipsec auto --rereadall`, but it only reloads the cacerts/crls/etc., not /etc/ipsec.d/certs (i.e. leftcert and rightcert defined in /etc/ipsec.conf). <br /><br /> Is it possible to reload the configuration file without interrupting established connections?<br clear="all" />
<div>
<div>
<div>
<div>
<div>
<div> </div>
<div>Thank you :)</div>
<div><br /> Best regards,<br /> Steve<br />
<div> </div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</div>
<pre>_______________________________________________
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.openswan.org">Users@lists.openswan.org</a>
<a class="moz-txt-link-freetext" href="https://lists.openswan.org/mailman/listinfo/users">https://lists.openswan.org/mailman/listinfo/users</a>
Micropayments: <a class="moz-txt-link-freetext" href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a>
Building and Integrating Virtual Private Networks with Openswan:
<a class="moz-txt-link-freetext" href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a>
</pre>
</blockquote>
</blockquote>
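<p>An added example, not part of the original thread: a post-boot helper that waits until the clock falls inside the certificate's validity window and then re-adds only the cert-based connection with "ipsec auto --replace", as suggested in the reply above. The conn name, certificate path and RUN_RELOAD switch are hypothetical, GNU date and openssl are assumed, and the follow-up "--up" assumes the conn should be initiated again after being re-added.</p>

```shell
#!/bin/bash
# Added example: reload one cert-based conn once the clock is valid for its cert.
CONN="${CONN:-mycertconn}"                     # hypothetical conn name
CERT="${CERT:-/etc/ipsec.d/certs/left.pem}"    # hypothetical certificate file

# Convert a line printed by "openssl x509 -noout -startdate" or "-enddate",
# e.g. "notBefore=Aug 16 09:22:00 2012 GMT", to epoch seconds (GNU date).
openssl_date_to_epoch() {
    date -u -d "${1#*=}" +%s
}

# Args: notBefore line, notAfter line, current epoch.
# Returns 0 when the current time lies inside the validity window.
clock_within_validity() {
    local start end
    start=$(openssl_date_to_epoch "$1") || return 2
    end=$(openssl_date_to_epoch "$2") || return 2
    [ "$3" -ge "$start" ] && [ "$3" -le "$end" ]
}

main() {
    local tries=0 nb na
    nb=$(openssl x509 -in "$CERT" -noout -startdate) || return 1
    na=$(openssl x509 -in "$CERT" -noout -enddate) || return 1
    # Poll for up to 10 minutes while NTP corrects the boot-time clock.
    until clock_within_validity "$nb" "$na" "$(date +%s)"; do
        tries=$((tries + 1))
        if [ "$tries" -ge 60 ]; then
            echo "clock still outside certificate validity, giving up" >&2
            return 1
        fi
        sleep 10
    done
    # Replace only this conn so the other conns are not restarted.
    ipsec auto --replace "$CONN" && ipsec auto --up "$CONN"
}

# Nothing runs unless RUN_RELOAD=1 is set, so the file can be sourced safely.
if [ "${RUN_RELOAD:-0}" = 1 ]; then main; fi
```

<p>Run it once after boot with RUN_RELOAD=1, for example from an init script that starts after ipsec.</p>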
</body></html>