[Openswan Users] How to reload ipsec.conf without disconnecting unaffected tunnels?

[Timmy]

On Ubuntu:
service ipsec
{start|stop|restart|reload|force-reload|condrestart|try-restart|status|version}



> Thank you for rescuing this email from spam.
>
> Does anyone have any idea to reload ipsec config without affecting the
> existing tunnels?
>
>
> Best regards,
> Steve
>
>
>
> 2013/7/5 Steve Leung <kesteve at kesteve.com <mailto:kesteve at kesteve.com>>
>
>     Hi guys,
>
>     I have OpenSWAN running when system boot, with several connections
>     defined, one of them is using X.509 certificate.
>
>     My system clock will be reset every time when I restart the
>     system, (i.e. reset to Jan 01 2010), and the time will be
>     corrected by NTP within a few minutes after boot. The problem is,
>     when pluto start and try to load the certs, it will complain:
>     "X.509 certificate is not valid until Aug 16 09:22:00 UTC 2012 (it
>     is now=Jan 01 00:02:10 UTC 2010)". I'll need to run "ipsec setup
>     restart" after NTP corrected the time, but this will disconnect
>     all the existing connections.
>
>     Is there any commands to reload the certs? There is `ipsec auto
>     --rereadall` but it only reload the cacerts/crls/etc but not for
>     /etc/ipsec.d/certs (i.e. leftcert and rightcert defined in
>     /etc/ipsec.conf).
>
>     Is it possible to reload the configuration file without
>     interrupting established connections?
>
>     Thank you :)
>
>     Best regards,
>     Steve
>
>
>
>
>
> _______________________________________________
> Users at lists.openswan.org
> https://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20130715/8025ac29/attachment.html>