[Openswan Users] How to reload ipsec.conf without disconnecting unaffected tunnels?

Steve Leung kesteve at kesteve.com
Mon Jul 15 04:28:58 UTC 2013


Thank you for rescuing this email from spam.

Does anyone have any idea how to reload the ipsec config without affecting
the existing tunnels?


Best regards,
Steve



2013/7/5 Steve Leung <kesteve at kesteve.com>

> Hi guys,
>
> I have OpenSWAN running when the system boots, with several connections
> defined; one of them is using an X.509 certificate.
>
> My system clock will be reset every time I restart the system (i.e.
> reset to Jan 01 2010), and the time will be corrected by NTP within a few
> minutes after boot. The problem is, when pluto starts and tries to load the
> certs, it will complain: "X.509 certificate is not valid until Aug 16
> 09:22:00 UTC 2012 (it is now=Jan 01 00:02:10 UTC 2010)". I'll need to run
> "ipsec setup restart" after NTP has corrected the time, but this will
> disconnect all the existing connections.
>
> Is there any command to reload the certs? There is `ipsec auto
> --rereadall`, but it only reloads the cacerts/crls/etc and not
> /etc/ipsec.d/certs (i.e. leftcert and rightcert defined in
> /etc/ipsec.conf).
>
> Is it possible to reload the configuration file without interrupting
> established connections?
>
> Thank you :)
>
> Best regards,
> Steve
>
>
>