Sorry, I should have "reply to all":<br><br>Hello Andreas,<br><br>Thank you for your reply!<br><br>but I did not established any SA, as you can see in both case, there is only a "none" in Security Associations: section.<br>
<br>Let me clarify my question:<br>
I have this line in my /etc/ipsec.conf:<br><br>include /etc/ipsec.d/conns/*.conn<br><br>1.conn and 2.conn are placed in the conn directory with same configuration except connection name,<br><br>After
I remove file 2.conn from the directory, I expect to see that there is
only connection information for 1.conn in Connections section of "ipsec
statusall" output, <br>
however, the result is nothing remaining in the Connections section after "ipsec update"<br><br>After I restart charon by "ipsec stop" and "ipsec start", the connection information came back.<br>
<br>test result:<div class="im"><br><br>root@myserver:/etc/ipsec.d/conns# ipsec statusall<br>Status of IKEv2 charon daemon (strongSwan 4.5.0):<br></div> uptime: 2 seconds, since Sep 22 13:39:54 2011<div class="im"><br> malloc: sbrk 262144, mmap 0, used 125824, free 136320<br>
worker threads: 7 idle of 16, job queue load: 0, scheduled events: 0<br>
loaded plugins: test-vectors curl ldap aes des sha1 sha2 md5 random
x509 revocation pubkey pkcs1 pgp pem openssl fips-prf gmp agent pkcs11
xcbc hmac ctr ccm gcm attr kernel-netlink resolve socket-raw farp stroke
updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-tls
eap-ttls eap-tnc dhcp led addrblock<br>
Listening IP addresses:<br> 10.2.2.2<br></div>Connections: <div id=":1n"> <======================== 1 and 2 are all present in Connections section<div class="im"><br> 2: 10.2.2.2...10.2.2.1<br>
2: local: [10.2.2.2] uses pre-shared key authentication<br>
2: remote: [10.2.2.1] uses any authentication<br> 2: child: dynamic === dynamic<br> 1: child: dynamic === dynamic<br>Security Associations:<br> none<br></div>root@myserver:/etc/ipsec.d/conns# mv 2.conn ~/. <======================== remove 2.conn from the directory<div class="im">
<br>
root@myserver:/etc/ipsec.d/conns# ipsec update<br>Updating strongSwan IPsec configuration...<br>root@myserver:/etc/ipsec.d/conns# ipsec statusall<br>Status of IKEv2 charon daemon (strongSwan 4.5.0):<br></div> uptime: 28 seconds, since Sep 22 13:39:53 2011<br>
malloc: sbrk 258048, mmap 0, used 116488, free 141560<div class="im"><br> worker threads: 7 idle of 16, job queue load: 0, scheduled events: 0<br>
loaded plugins: test-vectors curl ldap aes des sha1 sha2 md5 random
x509 revocation pubkey pkcs1 pgp pem openssl fips-prf gmp agent pkcs11
xcbc hmac ctr ccm gcm attr kernel-netlink resolve socket-raw farp stroke
updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-tls
eap-ttls eap-tnc dhcp led addrblock<br>
Listening IP addresses:<br> 10.2.2.2<br></div>Connections: <======================== There is nothing left in Connections section<br>Security Associations:<br> none<br>root@myserver:/etc/ipsec.d/conns# ipsec stop && ipsec start <========================restart charon<br>
Stopping strongSwan IPsec...<br>Starting strongSwan 4.5.0 IPsec [starter]...<div class="im"><br>root@myserver:/etc/ipsec.d/conns# ipsec statusall<br>Status of IKEv2 charon daemon (strongSwan 4.5.0):<br></div> uptime: 4 seconds, since Sep 22 13:40:31 2011<br>
malloc: sbrk 135168, mmap 0, used 123440, free 11728<div class="im"><br> worker threads: 7 idle of 16, job queue load: 0, scheduled events: 0<br>
loaded plugins: test-vectors curl ldap aes des sha1 sha2 md5 random
x509 revocation pubkey pkcs1 pgp pem openssl fips-prf gmp agent pkcs11
xcbc hmac ctr ccm gcm attr kernel-netlink resolve socket-raw farp stroke
updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-tls
eap-ttls eap-tnc dhcp led addrblock<br>
Listening IP addresses:<br> 10.2.2.2<br>Connections:<br></div> 1: 10.2.2.2...10.2.2.1 <======================== The connection 1 come back<br> 1: local: [10.2.2.2] uses pre-shared key authentication<br>
1: remote: [10.2.2.1] uses any authentication<div class="im"><br> 1: child: dynamic === dynamic<br>Security Associations:<br> none</div></div><br>