[Openswan Users] Had to reboot after Cert change to get tunnel working. Bug?

Jobst Schmalenbach jobst at barrett.com.au
Fri Feb 12 01:47:10 EST 2016


Both sides of the tunnel are CentOS 6.7.
Both sides have all the latest updates.
Both sides are snat'ed (Optus cablemodem in bridge mode, Cisco880 series in bridge mode).

I had to reboot one of the machines (Optus cable) as I had upgraded the system.

Upon reboot I saw that the certs were past their use-by date, so I installed new certs.
I have done this many times so this is easy ...

Then I did an "/etc/rc.d/init.d/ipsec stop" on both machines and a "/etc/rc.d/init.d/ipsec start" on both machines.
Just to make sure I did this twice.

I did a test ping from inside one of the LANs, pinging the other side; it did not work.
I checked all the config files and compared them with previous versions (I have a snapshot system), and they were all correct.

I actually reset the iptables (both machines) to just make sure, nothing.

I had to reboot one side of the tunnel (Optus cable) to get this to work, after that no problem.

Why do I have to reboot?


Sendmail administration is not black magic.
There are legitimate technical reasons why it requires the sacrificing of a live chicken.

  | |0| |   Jobst Schmalenbach, jobst at barrett.com.au, General Manager
  | | |0|   Barrett Consulting Group P/L
  |0|0|0|   +61 3 9533 0000, POBox 277, Caulfield South, 3162, Australia
