[strongSwan-dev] ipsec rereadsecrets restarts tunnels

James Hulka jah at open.ch
Thu Feb 28 15:38:40 CET 2013


When the 'ipsec rereadsecrets' command is issued, all secrets are purged
and the values in ipsec.secrets are added anew.

This has the effect that currently established tunnels are deleted and
re-initiated:

rereading secrets

loading secrets from '/etc/ipsec.secrets'
  loaded RSA private key from '/etc/ipsec.d/private/a.pem'

received stroke: delete connection 'a_to_b'
deleted connection 'a_to_b'

received stroke: add connection 'a_to_b'
  loaded RSA public key for "a.a.a.a" from '/etc/ipsec.d/public/a.pub'
  loaded RSA public key for "b.b.b.b" from '/etc/ipsec.d/public/b.pub'
added configuration 'a_to_b'
received stroke: initiate 'a_to_b'

received stroke: add connection 'a_to_c'
  loaded RSA public key for "a.a.a.a" from '/etc/ipsec.d/public/a.pub'
  loaded RSA public key for "c.c.c.c" from '/etc/ipsec.d/public/c.pub'
added configuration 'a_to_c'
received stroke: initiate 'a_to_c'

I have a situation where I would like to load a second private key to be
used with a second interface w/o the tunnels on the first interface
being interrupted.

Both 'ipsec reload' and 'ipsec update' are able to update the
configuration in the charon daemon w/o interrupting existing tunnels. Is
there a mechanism that would allow a second private key to be loaded w/o
removing the first private key and thus leaving the existing tunnels intact?

thanks in advance for any help,

James
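To make the side effect described in this post visible from the charon log itself, here is an added Python example (it is not part of the original message and not strongSwan code). It scans log lines for a "rereading secrets" event and records which private keys were loaded and which connections were deleted and re-initiated afterwards, so an operator can confirm from the log that a secrets reread tore down tunnels. The sample log is constructed from the fragment quoted above; the regular expressions match only the message formats shown there.

```python
import re
from dataclasses import dataclass, field

# Constructed sample log, assembled from the charon messages quoted in the post.
SAMPLE_LOG = """\
rereading secrets
loading secrets from '/etc/ipsec.secrets'
  loaded RSA private key from '/etc/ipsec.d/private/a.pem'
received stroke: delete connection 'a_to_b'
deleted connection 'a_to_b'
received stroke: add connection 'a_to_b'
  loaded RSA public key for "a.a.a.a" from '/etc/ipsec.d/public/a.pub'
  loaded RSA public key for "b.b.b.b" from '/etc/ipsec.d/public/b.pub'
added configuration 'a_to_b'
received stroke: initiate 'a_to_b'
received stroke: add connection 'a_to_c'
  loaded RSA public key for "a.a.a.a" from '/etc/ipsec.d/public/a.pub'
  loaded RSA public key for "c.c.c.c" from '/etc/ipsec.d/public/c.pub'
added configuration 'a_to_c'
received stroke: initiate 'a_to_c'
"""

# Patterns for the message formats that appear in the quoted log.
REREAD_RE = re.compile(r"^rereading secrets\b")
PRIVKEY_RE = re.compile(r"loaded (\w+) private key from '([^']+)'")
DELETED_RE = re.compile(r"^deleted connection '([^']+)'")
INITIATE_RE = re.compile(r"^received stroke: initiate '([^']+)'")


@dataclass
class RereadEvent:
    """What happened after one 'rereading secrets' line."""
    private_keys: list = field(default_factory=list)  # key files loaded
    deleted: list = field(default_factory=list)       # connections torn down
    initiated: list = field(default_factory=list)     # connections re-initiated


def analyze(log_text):
    """Return one RereadEvent per 'rereading secrets' line.

    Lines before the first reread are ignored; each subsequent line is
    attributed to the most recent reread event.
    """
    events = []
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if REREAD_RE.match(line):
            current = RereadEvent()
            events.append(current)
            continue
        if current is None:
            continue
        m = PRIVKEY_RE.search(line)
        if m:
            current.private_keys.append(m.group(2))
            continue
        m = DELETED_RE.match(line)
        if m:
            current.deleted.append(m.group(1))
            continue
        m = INITIATE_RE.match(line)
        if m:
            current.initiated.append(m.group(1))
    return events


def disrupted_connections(log_text):
    """Names of connections deleted after a secrets reread, i.e. the tunnels
    the reread interrupted (empty if no reread happened or nothing was deleted)."""
    names = []
    for event in analyze(log_text):
        names.extend(event.deleted)
    return names


if __name__ == "__main__":
    for event in analyze(SAMPLE_LOG):
        print("keys loaded:", event.private_keys)
        print("connections deleted:", event.deleted)
        print("connections re-initiated:", event.initiated)
    print("disrupted:", disrupted_connections(SAMPLE_LOG))
```

Run against the sample, the script reports that the reread loaded one private key, deleted 'a_to_b', and then initiated both 'a_to_b' and 'a_to_c'. Pointing it at a real charon log (with the same message formats) after a reread shows directly whether any established connection was torn down by the operation.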