[Openswan Users] Are the these coomands the same (in effect)?
Paul Wouters
paul at xelerance.com
Tue Apr 25 20:21:43 CEST 2006
On Tue, 25 Apr 2006, Joost Kraaijeveld wrote:
> If I have a tunnel with the name my_connection, is "/etc/init.d/ipsec restart" in effect the same as "ipsec auto --replace my_connection" (besides that fact that the first command will restart *every* tunnel)?
No. A restart of the system causes all connections to be dropped and deleted, and at the startup, it will depend on the auto=
option wether these connections are 1) loaded and 2) initiated.
For example, a connection with auto=add, that the remote end initiated, that is currently up, will not restart with this end as
the initiator on "restart". A connection that has auto=start is started on 'restart' but after 'ipsec auto --replace' it is just
loaded until ipsec auto --up has been issued.
> My goal is to restart one of many connections without interrupting the other connections but after using "ipsec auto --replace my_connection" there are no entries in the logfiles that the tunnel is actually rebuild and setkey -D (I use 26sec) does not show any tunnel for my_connection anymore...
You need ipsec auto --replace followed by ipsec auto --up
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list