<div dir="ltr"><div>Hi Nick,<br><br><br></div>Thanks, this is something close to my need, but I hope there is a command to reload certs without knowing the Connection Name. To be precise, I found a command from StrongSWAN:<br>
<br><p><strong>ipsec reload</strong></p>
<p style="padding-left:2em">sends a <em>USR1</em> signal to ipsec starter which in turn reloads the whole configuration on the running IKE daemon charon based on the actual ipsec.conf. Currently established connections are not affected by configuration changes.</p>
<br><div class="gmail_extra">The description is actually what I want however this is not available in OpenSWAN.<br></div><div class="gmail_extra"><br clear="all"><div><br>Best regards,<br>Steve<br><br></div>
<br><br><div class="gmail_quote">2013/7/15 Nick Howitt <span dir="ltr"><<a href="mailto:n1ck.h0w1tt@gmail.com" target="_blank">n1ck.h0w1tt@gmail.com</a>></span><br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<u></u>
<div style="font-family:Arial,Helvetica,sans-serif">
<p>For a single tunnel try "ipsec auto --replace {conn-name}".</p><div><div class="h5">
<p>On 2013-07-15 07:05, Timmy wrote:</p>
<blockquote type="cite" style="padding-left:5px;border-left:2px solid rgb(16,16,255);margin-left:5px">
<div>On Ubuntu:<br> service ipsec {start|stop|restart|reload|force-reload|condrestart|try-restart|status|version}<br><br><br><br></div>
<blockquote type="cite" style="padding-left:5px;border-left:2px solid rgb(16,16,255);margin-left:5px">
<div dir="ltr">
<div>Thank you for rescuing this email from spam.<br><br></div>
<div>Does anyone have any idea to reload ipsec config without affecting the existing tunnels?</div>
<div>
<div>
<div class="gmail_extra"><br clear="all">
<div><br> Best regards,<br> Steve<br><br></div>
<br><br>
<div class="gmail_quote">2013/7/5 Steve Leung <span><<a href="mailto:kesteve@kesteve.com" target="_blank">kesteve@kesteve.com</a>></span><br>
<blockquote class="gmail_quote" style="border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<div>
<div dir="ltr">
<div dir="ltr">
<div class="gmail_quote">
<div dir="ltr">
<div>
<div>Hi guys,<br><br></div>
I have OpenSWAN running when system boot, with several connections defined, one of them is using X.509 certificate.<br><br> My system clock will be reset every time when I restart the system, (i.e. reset to Jan 01 2010), and the time will be corrected by NTP within a few minutes after boot. The problem is, when pluto start and try to load the certs, it will complain: "X.509 certificate is not valid until Aug 16 09:22:00 UTC 2012 (it is now=Jan 01 00:02:10 UTC 2010)". I'll need to run "ipsec setup restart" after NTP corrected the time, but this will disconnect all the existing connections. <br>
<br></div>
Is there any commands to reload the certs? There is `ipsec auto --rereadall` but it only reload the cacerts/crls/etc but not for /etc/ipsec.d/certs (i.e. leftcert and rightcert defined in /etc/ipsec.conf). <br><br> Is it possible to reload the configuration file without interrupting established connections?<br clear="all">
<div>
<div>
<div>
<div>
<div>
<div> </div>
<div>Thank you :)</div>
<div><br> Best regards,<br> Steve<br>
<div> </div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</div>
<br><fieldset></fieldset><br>
<pre>_______________________________________________
<a href="mailto:Users@lists.openswan.org" target="_blank">Users@lists.openswan.org</a>
<a href="https://lists.openswan.org/mailman/listinfo/users" target="_blank">https://lists.openswan.org/mailman/listinfo/users</a>
Micropayments: <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy" target="_blank">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a>
Building and Integrating Virtual Private Networks with Openswan:
<a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155" target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a>
</pre>
</blockquote>
<br><br>
<pre>_______________________________________________
<a href="mailto:Users@lists.openswan.org" target="_blank">Users@lists.openswan.org</a>
<a href="https://lists.openswan.org/mailman/listinfo/users" target="_blank">https://lists.openswan.org/mailman/listinfo/users</a>
Micropayments: <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy" target="_blank">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a>
Building and Integrating Virtual Private Networks with Openswan:
<a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155" target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a>
</pre>
</blockquote>
</div></div></div>
<br>_______________________________________________<br>
<a href="mailto:Users@lists.openswan.org">Users@lists.openswan.org</a><br>
<a href="https://lists.openswan.org/mailman/listinfo/users" target="_blank">https://lists.openswan.org/mailman/listinfo/users</a><br>
Micropayments: <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy" target="_blank">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a><br>
Building and Integrating Virtual Private Networks with Openswan:<br>
<a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155" target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><br>
<br></blockquote></div><br></div></div>