[Openswan Users] How to reload ipsec.conf without disconnecting unaffected tunnels?

Nick Howitt n1ck.h0w1tt at gmail.com
Mon Jul 15 07:21:18 UTC 2013


 

For a single tunnel try "ipsec auto --replace {conn-name}". 

On 2013-07-15 07:05, Timmy wrote: 

> On Ubuntu:
> service ipsec {start|stop|restart|reload|force-reload|condrestart|try-restart|status|version}
> 
> Thank you for rescuing this email from spam.
> 
> Does anyone have any idea to reload ipsec config without affecting the existing tunnels? 
> 
> Best regards,
> Steve
> 
> 2013/7/5 Steve Leung <kesteve at kesteve.com>
> 
> Hi guys,
> 
> I have OpenSWAN running when system boot, with several connections defined, one of them is using X.509 certificate.
> 
> My system clock will be reset every time when I restart the system, (i.e. reset to Jan 01 2010), and the time will be corrected by NTP within a few minutes after boot. The problem is, when pluto start and try to load the certs, it will complain: "X.509 certificate is not valid until Aug 16 09:22:00 UTC 2012 (it is now=Jan 01 00:02:10 UTC 2010)". I'll need to run "ipsec setup restart" after NTP corrected the time, but this will disconnect all the existing connections. 
> 
> Is there any commands to reload the certs? There is `ipsec auto --rereadall` but it only reload the cacerts/crls/etc but not for /etc/ipsec.d/certs (i.e. leftcert and rightcert defined in /etc/ipsec.conf). 
> 
> Is it possible to reload the configuration file without interrupting established connections?
> 
> Thank you :) 
> 
> Best regards,
> Steve
> 
> _______________________________________________
> Users at lists.openswan.org
> https://lists.openswan.org/mailman/listinfo/users [1]
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy [2]
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155 [3]

_______________________________________________
Users at lists.openswan.org
https://lists.openswan.org/mailman/listinfo/users [1]
Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
[2]
Building and Integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
[3]

 

Links:
------
[1] https://lists.openswan.org/mailman/listinfo/users
[2] https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
[3]
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20130715/adf67ae1/attachment-0001.html>


More information about the Users mailing list