[Openswan Users] How to reload ipsec.conf without disconnecting unaffected tunnels?
Timmy
moonyhk at netscape.net
Mon Jul 15 06:05:10 UTC 2013
On Ubuntu:
service ipsec
{start|stop|restart|reload|force-reload|condrestart|try-restart|status|version}
> Thank you for rescuing this email from spam.
>
> Does anyone have any idea to reload ipsec config without affecting the
> existing tunnels?
>
>
> Best regards,
> Steve
>
>
>
> 2013/7/5 Steve Leung <kesteve at kesteve.com <mailto:kesteve at kesteve.com>>
>
> Hi guys,
>
> I have OpenSWAN running when system boot, with several connections
> defined, one of them is using X.509 certificate.
>
> My system clock will be reset every time when I restart the
> system, (i.e. reset to Jan 01 2010), and the time will be
> corrected by NTP within a few minutes after boot. The problem is,
> when pluto start and try to load the certs, it will complain:
> "X.509 certificate is not valid until Aug 16 09:22:00 UTC 2012 (it
> is now=Jan 01 00:02:10 UTC 2010)". I'll need to run "ipsec setup
> restart" after NTP corrected the time, but this will disconnect
> all the existing connections.
>
> Is there any commands to reload the certs? There is `ipsec auto
> --rereadall` but it only reload the cacerts/crls/etc but not for
> /etc/ipsec.d/certs (i.e. leftcert and rightcert defined in
> /etc/ipsec.conf).
>
> Is it possible to reload the configuration file without
> interrupting established connections?
>
> Thank you :)
>
> Best regards,
> Steve
>
>
>
>
>
> _______________________________________________
> Users at lists.openswan.org
> https://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20130715/8025ac29/attachment.html>
More information about the Users
mailing list