[Openswan Users] How to reload ipsec.conf without disconnecting unaffected tunnels?

Steve Leung kesteve at kesteve.com
Fri Jul 19 03:43:23 UTC 2013


Hi Leto,

Unfortunately the --rereadall option only reloads the cacerts/crls/etc. but
not /etc/ipsec.d/certs (i.e. leftcert and rightcert defined in
/etc/ipsec.conf).


Best regards,
Steve



2013/7/15 Leto <letoams at gmail.com>

> ipsec auto --rereadall
>
> sent from a tiny device
>
> On 2013-07-15, at 0:28, Steve Leung <kesteve at kesteve.com> wrote:
>
> Thank you for rescuing this email from spam.
>
> Does anyone have any idea how to reload the ipsec config without affecting
> the existing tunnels?
>
>
> Best regards,
> Steve
>
>
>
> 2013/7/5 Steve Leung <kesteve at kesteve.com>
>
>> Hi guys,
>>
>> I have OpenSWAN running at system boot, with several connections
>> defined; one of them is using an X.509 certificate.
>>
>> My system clock is reset every time I restart the system (i.e.
>> reset to Jan 01 2010), and the time is corrected by NTP within a few
>> minutes after boot. The problem is, when pluto starts and tries to load the
>> certs, it complains: "X.509 certificate is not valid until Aug 16
>> 09:22:00 UTC 2012 (it is now=Jan 01 00:02:10 UTC 2010)". I need to run
>> "ipsec setup restart" after NTP has corrected the time, but this will
>> disconnect all the existing connections.
>>
>> Are there any commands to reload the certs? There is `ipsec auto
>> --rereadall`, but it only reloads the cacerts/crls/etc. and not
>> /etc/ipsec.d/certs (i.e. leftcert and rightcert defined in
>> /etc/ipsec.conf).
>>
>> Is it possible to reload the configuration file without interrupting
>> established connections?
>>
>> Thank you :)
>>
>> Best regards,
>> Steve
>>
>>
>>