<div dir="ltr"><div><div>Sorry for my late reply. <br><br></div>--rereadall will not read leftcert and rightcert in /etc/ipsec.conf; it does reread CA, AA, CRL, etc. To be precise, they are: &quot;REREAD_SECRETS | REREAD_CACERTS | REREAD_AACERTS | REREAD_OCSPCERTS | REREAD_ACERTS | REREAD_CRLS&quot;,<br>

<br></div>which do not include &quot;leftcert&quot; and &quot;rightcert&quot; (i.e. /etc/ipsec.d/certs/)... The only method seems to be --delete/--add (or --replace). Anyway, my setup now uses --delete/--add on the specific connection to solve the problem. Thanks for all your help on this.<br>


<div><br><br><div><div><div class="gmail_extra"><div>Best regards,<br>Steve<br><div><br></div></div>
<br><br><div class="gmail_quote">2013/7/20 Leto <span dir="ltr">&lt;<a href="mailto:letoams@gmail.com" target="_blank">letoams@gmail.com</a>&gt;</span><br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">


<div dir="auto"><div>ipsec auto --rereadall</div><div><br></div><div>I don&#39;t see how it can not reload your certs<div><br><br>sent from a tiny device </div></div><div><div><div><br>On 2013-07-18, at 23:47, Steve Leung &lt;<a href="mailto:kesteve@kesteve.com" target="_blank">kesteve@kesteve.com</a>&gt; wrote:<br>


<br></div><blockquote type="cite"><div><div dir="ltr"><div>Hi Nick,<br><br><br></div>Thanks, this is something close to my need, but I hope there is a command to reload certs without knowing the Connection Name. To be precise, I found a command from StrongSWAN:<br>




<br><p><b>ipsec reload</b></p>


        <p style="padding-left:2em">sends a <i>USR1</i> signal to ipsec starter which in turn reloads the whole configuration on the running IKE daemon charon based on the actual ipsec.conf. Currently established connections are not affected by configuration changes.</p>




<br><div class="gmail_extra">The description is actually what I want; however, this is not available in OpenSWAN.<br></div><div class="gmail_extra"><br clear="all"><div><br>Best regards,<br>Steve<br><br></div>
<br><br><div class="gmail_quote">2013/7/15 Nick Howitt <span dir="ltr">&lt;<a href="mailto:n1ck.h0w1tt@gmail.com" target="_blank">n1ck.h0w1tt@gmail.com</a>&gt;</span><br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">




<div style="font-family:Arial,Helvetica,sans-serif">
<p>For a single tunnel try &quot;ipsec auto --replace {conn-name}&quot;.</p><div><div>
<p>On 2013-07-15 07:05, Timmy wrote:</p>
<blockquote type="cite" style="padding-left:5px;border-left:2px solid rgb(16,16,255);margin-left:5px">
<div>On Ubuntu:<br> service ipsec {start|stop|restart|reload|force-reload|condrestart|try-restart|status|version}<br><br><br><br></div>
<blockquote type="cite" style="padding-left:5px;border-left:2px solid rgb(16,16,255);margin-left:5px">
<div dir="ltr">
<div>Thank you for rescuing this email from spam.<br><br></div>
<div>Does anyone have any idea how to reload the ipsec config without affecting the existing tunnels?</div>
<div>
<div>
<div class="gmail_extra"><br clear="all">
<div><br> Best regards,<br> Steve<br><br></div>
<br><br>
<div class="gmail_quote">2013/7/5 Steve Leung <span>&lt;<a href="mailto:kesteve@kesteve.com" target="_blank">kesteve@kesteve.com</a>&gt;</span><br>
<blockquote class="gmail_quote" style="border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<div>
<div dir="ltr">
<div dir="ltr">
<div class="gmail_quote">
<div dir="ltr">
<div>
<div>Hi guys,<br><br></div>
I have OpenSWAN running when the system boots, with several connections defined; one of them is using an X.509 certificate.<br><br> My system clock will be reset every time I restart the system (i.e. reset to Jan 01 2010), and the time will be corrected by NTP within a few minutes after boot. The problem is, when pluto starts and tries to load the certs, it will complain: &quot;X.509 certificate is not valid until Aug 16 09:22:00 UTC 2012 (it is now=Jan 01 00:02:10 UTC 2010)&quot;. I&#39;ll need to run &quot;ipsec setup restart&quot; after NTP has corrected the time, but this will disconnect all the existing connections. <br>




<br></div>
Are there any commands to reload the certs? There is `ipsec auto --rereadall`, but it only reloads the cacerts/crls/etc. and not /etc/ipsec.d/certs (i.e. leftcert and rightcert defined in /etc/ipsec.conf). <br><br> Is it possible to reload the configuration file without interrupting established connections?<br clear="all">





<div>
<div>
<div>
<div>
<div>
<div> </div>
<div>Thank you :)</div>
<div><br> Best regards,<br> Steve<br>
<div> </div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</div>
<br><fieldset></fieldset><br>
<pre>_______________________________________________
<a href="mailto:Users@lists.openswan.org" target="_blank">Users@lists.openswan.org</a>
<a href="https://lists.openswan.org/mailman/listinfo/users" target="_blank">https://lists.openswan.org/mailman/listinfo/users</a>
Micropayments: <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy" target="_blank">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a>
Building and Integrating Virtual Private Networks with Openswan:
<a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155" target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a>
</pre>
</blockquote>
<br><br>
</blockquote>
</div></div></div>
<br></blockquote></div><br></div></div>
</div></blockquote></div></div>


</div></blockquote></div><br></div></div></div></div></div>
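The workaround reached in this thread (re-adding only the affected connection once NTP has corrected the clock, rather than running "ipsec setup restart") can be scripted as below. This is an added example, not code from the thread or from Openswan; the function names, the IPSEC override variable, the polling defaults and the certificate path and connection name passed as arguments are assumptions, and it relies on GNU date and openssl.

```bash
#!/bin/bash
# Added example: wait until the clock has passed the certificate's
# notBefore, then delete/re-add only that connection.
# IPSEC can be set to "echo" for a dry run (hypothetical override).
IPSEC=${IPSEC:-ipsec}

# cert_not_before_epoch CERT
# Prints the certificate's notBefore as seconds since the epoch (UTC).
cert_not_before_epoch() {
    local start
    start=$(openssl x509 -in "$1" -noout -startdate) || return 1
    date -u -d "${start#notBefore=}" +%s
}

# clock_valid_for NOT_BEFORE_EPOCH NOW_EPOCH
# Succeeds once the clock is no longer earlier than notBefore, i.e. pluto
# would stop reporting "X.509 certificate is not valid until ...".
clock_valid_for() {
    [ "$2" -ge "$1" ]
}

# reload_conn CONN
# --replace is --delete followed by --add for that single connection.
reload_conn() {
    "$IPSEC" auto --replace "$1"
}

# wait_and_reload CERT CONN [INTERVAL_SECONDS [MAX_TRIES]]
wait_and_reload() {
    local cert="$1" conn="$2" interval="${3:-15}" tries="${4:-40}" nb
    nb=$(cert_not_before_epoch "$cert") || return 2
    while ! clock_valid_for "$nb" "$(date -u +%s)"; do
        tries=$((tries - 1))
        if [ "$tries" -le 0 ]; then
            echo "clock still before notBefore of $cert; $conn not reloaded" >&2
            return 1
        fi
        sleep "$interval"
    done
    reload_conn "$conn"
}

# Usage: script CERT CONN, with a certificate from /etc/ipsec.d/certs/ and
# the matching conn name from /etc/ipsec.conf (both supplied by the caller).
if [ "$#" -eq 2 ]; then
    wait_and_reload "$1" "$2"
fi
```

Only the named connection is deleted and re-added, so the other connections are left alone.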