[Openswan Users] How to reload ipsec.conf without disconnecting unaffected tunnels?
Leto
letoams at gmail.com
Mon Jul 15 13:31:13 UTC 2013
ipsec auto --rereadall
sent from a tiny device
On 2013-07-15, at 0:28, Steve Leung <kesteve at kesteve.com> wrote:
> Thank you for rescuing this email from spam.
>
> Does anyone have any idea to reload ipsec config without affecting the existing tunnels?
>
>
> Best regards,
> Steve
>
>
>
> 2013/7/5 Steve Leung <kesteve at kesteve.com>
>> Hi guys,
>>
>> I have OpenSWAN running when system boot, with several connections defined, one of them is using X.509 certificate.
>>
>> My system clock will be reset every time when I restart the system, (i.e. reset to Jan 01 2010), and the time will be corrected by NTP within a few minutes after boot. The problem is, when pluto start and try to load the certs, it will complain: "X.509 certificate is not valid until Aug 16 09:22:00 UTC 2012 (it is now=Jan 01 00:02:10 UTC 2010)". I'll need to run "ipsec setup restart" after NTP corrected the time, but this will disconnect all the existing connections.
>>
>> Is there any commands to reload the certs? There is `ipsec auto --rereadall` but it only reload the cacerts/crls/etc but not for /etc/ipsec.d/certs (i.e. leftcert and rightcert defined in /etc/ipsec.conf).
>>
>> Is it possible to reload the configuration file without interrupting established connections?
>>
>> Thank you :)
>>
>> Best regards,
>> Steve
>
> _______________________________________________
> Users at lists.openswan.org
> https://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20130715/5efd1456/attachment.html>
More information about the Users
mailing list