[Openswan Users] Had to reboot after Cert change to get tunnel working. Bug?

[Jobst Schmalenbach]

Hi

both sides of the tunnel are CentOS 6.7
both sides have all the latest updates
Both sides are snat'ed (Optus cablemodem in bridge mode, Cisco880 series in bridge mode)

I had to reboot one of the machines (Optus cable) as I had upgraded the system.

Upon reboot I saw that the certs were passed use by date, so I installed new certs.
I have done this many times so this is easy ...

Then I did an "/etc/rc.d/init.d/ipsec stop" on both machines and a "/etc/rc.d/init.d/ipsec start" on both machines.
Just to make sure I did this twice.

I did a test ping from inside of one of the LAN's pinging the other side, did not work.
I checked all the config files and compared them with previous versions (I have a snapshot system), and they were all correct.

I actually reset the iptables (both machines) to just make sure, nothing.

I had to reboot one side of the tunnel (Optus cable) to get this to work, after that no problem.

Why do I have to reboot?


Jobst


-- 
Sendmail administration is not black magic.
There are legitimate technical reasons why it requires the sacrificing of a live chicken.

  | |0| |   Jobst Schmalenbach, jobst at barrett.com.au, General Manager
  | | |0|   Barrett Consulting Group P/L
  |0|0|0|   +61 3 9533 0000, POBox 277, Caulfield South, 3162, Australia