[strongSwan-dev] StrongSwan 5.2 ipsec reload behaviour changed
Tobias Brunner
tobias at strongswan.org
Wed Feb 11 16:44:03 CET 2015
Hi James,
> Up to and including StrongSwan 5.0 'ipsec reload' would only
> re-initialize tunnels that have been changed in the configuration.
Actually, `ipsec reload` always removed and re-added ALL connections, not
only the changed ones. Use `ipsec update` to only reload the changed
connections.
> Does anyone know why all policies are removed by 'ipsec reload'? It
> seems that this should not happen UNLESS all tunnel configurations have
> been removed or changed in ipsec.conf.
Since 5.0.1, removed and changed connections with `auto=route` are
unrouted (same as `ipsec unroute <name>`); this properly allows changing
`left|rightsubnet` or `auto` for such connections. But if you use
`reload` instead of `update`, all connections are considered to have
changed, so all connections are unrouted and routed again.
Regards,
Tobias
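
An added example, not part of the original message and not strongSwan code: a simplified Python model of the behaviour described in the reply above, predicting which `auto=route` connections get unrouted by `ipsec reload` versus `ipsec update` for a given configuration change. The sample configurations are constructed, the function names are hypothetical, and the parser ignores `conn %default`, `also=` and `include`.

```python
# Simplified model: which auto=route connections lose their trap policies
# when the old config is replaced by the new one. Constructed sample data.

OLD_CONF = """\
conn site-a
    rightsubnet=10.2.0.0/16
    auto=route
conn site-b
    rightsubnet=10.3.0.0/16
    auto=route
conn roadwarrior
    auto=add
"""

# Only site-a changes (rightsubnet); site-b and roadwarrior are identical.
NEW_CONF = OLD_CONF.replace("10.2.0.0/16", "10.20.0.0/16")


def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not raw[0].isspace():  # section headers start in column 0
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns


def unrouted_by(command, old_text, new_text):
    """Sorted names of auto=route connections that the command unroutes."""
    old, new = parse_conns(old_text), parse_conns(new_text)
    if command == "reload":    # all connections are considered changed
        touched = set(old)
    elif command == "update":  # only removed or changed connections
        touched = {name for name in old if old[name] != new.get(name)}
    else:
        raise ValueError(f"unknown command: {command}")
    return sorted(n for n in touched if old[n].get("auto") == "route")
```
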