<div dir="ltr"><div>Hi Timmy,<br><br></div>Thanks, but for openswan, seems that `ipsec setup reload` is just the same as `ipsec setup restart`, which will disconnect all the tunnels and start over again.<br><div class="gmail_extra">
<br clear="all"><div><br>Best regards,<br>Steve<br><div><br></div></div>
<br><br><div class="gmail_quote">2013/7/15 Timmy <span dir="ltr"><<a href="mailto:moonyhk@netscape.net" target="_blank">moonyhk@netscape.net</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>On Ubuntu:<br>
service ipsec
{start|stop|restart|reload|force-reload|condrestart|try-restart|status|version}<br>
<br>
<br>
<br>
</div>
<blockquote type="cite"><div><div class="h5">
<div dir="ltr">
<div>Thank you for rescuing this email from spam.<br>
<br>
</div>
<div>Does anyone have any idea to reload ipsec config without
affecting the existing tunnels?<br>
</div>
<div>
<div>
<div class="gmail_extra"><br clear="all">
<div><br>
Best regards,<br>
Steve<br>
<br>
</div>
<br>
<br>
<div class="gmail_quote">2013/7/5 Steve Leung <span dir="ltr"><<a href="mailto:kesteve@kesteve.com" target="_blank">kesteve@kesteve.com</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div>
<div dir="ltr">
<div dir="ltr">
<div class="gmail_quote">
<div dir="ltr">
<div>
<div>Hi guys,<br>
<br>
</div>
I have OpenSWAN running when system
boot, with several connections defined,
one of them is using X.509 certificate.<br>
<br>
My system clock will be reset every time
when I restart the system, (i.e. reset
to Jan 01 2010), and the time will be
corrected by NTP within a few minutes
after boot. The problem is, when pluto
start and try to load the certs, it will
complain: "X.509 certificate is not
valid until Aug 16 09:22:00 UTC 2012 (it
is now=Jan 01 00:02:10 UTC 2010)". I'll
need to run "ipsec setup restart" after
NTP corrected the time, but this will
disconnect all the existing connections.
<br>
<br>
</div>
Is there any commands to reload the certs?
There is `ipsec auto --rereadall` but it
only reload the cacerts/crls/etc but not
for /etc/ipsec.d/certs (i.e. leftcert and
rightcert defined in /etc/ipsec.conf). <br>
<br>
Is it possible to reload the configuration
file without interrupting established
connections?<br clear="all">
<div>
<div>
<div>
<div>
<div>
<div><br>
</div>
<div>Thank you :)<br>
</div>
<div><br>
Best regards,<br>
Steve<br>
<div><br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div></div><pre>_______________________________________________
<a href="mailto:Users@lists.openswan.org" target="_blank">Users@lists.openswan.org</a>
<a href="https://lists.openswan.org/mailman/listinfo/users" target="_blank">https://lists.openswan.org/mailman/listinfo/users</a>
Micropayments: <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy" target="_blank">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a>
Building and Integrating Virtual Private Networks with Openswan:
<a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155" target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a>
</pre>
</blockquote>
<br>
</div>
<br>_______________________________________________<br>
<a href="mailto:Users@lists.openswan.org">Users@lists.openswan.org</a><br>
<a href="https://lists.openswan.org/mailman/listinfo/users" target="_blank">https://lists.openswan.org/mailman/listinfo/users</a><br>
Micropayments: <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy" target="_blank">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a><br>
Building and Integrating Virtual Private Networks with Openswan:<br>
<a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155" target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><br>
<br></blockquote></div><br></div></div>