<div dir="ltr"><div>Hi Leto,<br><br></div>Unfortunately, the --rereadall option only reloads the cacerts/crls/etc but not /etc/<span class="">ipsec</span>.d/certs (i.e. leftcert and rightcert defined in /etc/<span class="">ipsec</span>.conf). <div class="gmail_extra">
<br clear="all"><div><br>Best regards,<br>Steve<br><br></div>
<br><br><div class="gmail_quote">2013/7/15 Leto <span dir="ltr">&lt;<a href="mailto:letoams@gmail.com" target="_blank">letoams@gmail.com</a>&gt;</span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="auto"><div>ipsec auto --rereadall<br><br>sent from a tiny device</div><div><div class="h5"><div><br>On 2013-07-15, at 0:28, Steve Leung &lt;<a href="mailto:kesteve@kesteve.com" target="_blank">kesteve@kesteve.com</a>&gt; wrote:<br>
<br></div><blockquote type="cite"><div><div dir="ltr"><div>Thank you for rescuing this email from spam.<br><br></div><div>Does anyone have any idea how to reload the ipsec config without affecting the existing tunnels?<br></div>
<div>
<div><div class="gmail_extra"><br clear="all">
<div><br>Best regards,<br>Steve<br><br></div>
<br><br><div class="gmail_quote">2013/7/5 Steve Leung <span dir="ltr">&lt;<a href="mailto:kesteve@kesteve.com" target="_blank">kesteve@kesteve.com</a>&gt;</span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div><div><div dir="ltr"><div dir="ltr"><div class="gmail_quote"><div dir="ltr"><div><div>Hi guys,<br><br></div>I have OpenSWAN running when the system boots, with several connections defined; one of them is using an X.509 certificate.<br>
<br>
My system clock is reset every time I restart the system (i.e. reset to Jan 01 2010), and the time is corrected by NTP within a few minutes after boot. The problem is, when pluto starts and tries to load the certs, it complains: "X.509 certificate is not valid until Aug 16 09:22:00 UTC 2012 (it is now=Jan 01 00:02:10 UTC 2010)". I need to run "ipsec setup restart" after NTP has corrected the time, but this disconnects all the existing connections. <br>
<br></div>Are there any commands to reload the certs? There is `ipsec auto --rereadall`, but it only reloads the cacerts/crls/etc but not /etc/ipsec.d/certs (i.e. leftcert and rightcert defined in /etc/ipsec.conf). <br>
<br>
Is it possible to reload the configuration file without interrupting established connections?<br clear="all"><div><div><div><div><div><div><br></div><div>Thank you :)<br></div><div><br>Best regards,<br>Steve<br><div><br>
</div>
</div>
</div></div></div></div></div></div>
</div><br></div></div>
</div></div></blockquote></div><br></div></div></div></div>
</div></blockquote></div></div><div class="im"><blockquote type="cite"><div><span>_______________________________________________</span><br><span><a href="mailto:Users@lists.openswan.org" target="_blank">Users@lists.openswan.org</a></span><br>
<span><a href="https://lists.openswan.org/mailman/listinfo/users" target="_blank">https://lists.openswan.org/mailman/listinfo/users</a></span><br>
</div></blockquote></div></div></blockquote></div><br></div></div>
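The failure described in this thread can be told apart from a genuinely not-yet-valid certificate by comparing the notBefore date in pluto's message with a trusted clock. The following is an added example, not code from the thread or from Openswan; the syslog prefix, the second log line, the reference time and the function name are constructed assumptions, and only the message text is taken from the post.

```python
import re
from datetime import datetime, timezone

_MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}
_STAMP = r"(\w{3}) +(\d{1,2}) (\d{2}):(\d{2}):(\d{2}) UTC (\d{4})"
# Message format as quoted in the thread.
_MSG = re.compile(r"X\.509 certificate is not valid until " + _STAMP
                  + r" \(it is now=" + _STAMP + r"\)")

def _to_dt(mon, day, hh, mm, ss, year):
    return datetime(int(year), _MONTHS[mon], int(day),
                    int(hh), int(mm), int(ss), tzinfo=timezone.utc)

def find_clock_failures(log_lines, trusted_now):
    """Return (not_before, logged_now, clock_was_wrong) for each matching line.

    clock_was_wrong is True when the certificate is already valid at
    trusted_now (e.g. the time after NTP sync), meaning the rejection came
    from the clock pluto saw at load time and not from the certificate.
    """
    results = []
    for line in log_lines:
        m = _MSG.search(line)
        if not m:
            continue
        g = m.groups()
        not_before, logged_now = _to_dt(*g[:6]), _to_dt(*g[6:])
        results.append((not_before, logged_now, not_before <= trusted_now))
    return results

# Constructed sample log: the prefix and lines 2-3 are made up for illustration.
SAMPLE_LOG = [
    "Jan  1 00:02:10 gw pluto[1234]: X.509 certificate is not valid until "
    "Aug 16 09:22:00 UTC 2012 (it is now=Jan 01 00:02:10 UTC 2010)",
    "Jul 15 08:00:00 gw pluto[1234]: X.509 certificate is not valid until "
    "Mar 01 00:00:00 UTC 2030 (it is now=Jul 15 08:00:00 UTC 2013)",
    "Jul 15 08:00:01 gw pluto[1234]: unrelated message",
]

if __name__ == "__main__":
    trusted = datetime(2013, 7, 15, 8, 0, 0, tzinfo=timezone.utc)
    for nb, seen, wrong in find_clock_failures(SAMPLE_LOG, trusted):
        cause = "clock not yet synced at load" if wrong else "certificate not yet valid"
        print(f"notBefore={nb:%Y-%m-%d} pluto_clock={seen:%Y-%m-%d} -> {cause}")
```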