[strongSwan] Strongswan 4.5.1 Sqlite database not updated until ipsec is restarted
Martin Willi
martin at strongswan.org
Wed Sep 14 09:38:50 CEST 2011
Hi Fabrice,
> When I modify sqlite database (add/remove connections or
> add/modify/remove child_SA), ipsec modifications are not read and
> connections stay down/up (depends on add/remove).
Connections are read from the database and kept in memory for active
connections. Any changes to IKE- or CHILD_SAs are not propagated to
active connections. You'll have to reestablish the IKE_SA to re-fetch
from the database using "ipsec up/down"; you can use the configuration
name and wildcards, see [1].
We have some plans to implement re-fetching of CHILD_SA configurations
during rekey and/or the establishment of new CHILD_SAs within an
existing IKE_SA, but it's not done yet.
Regards
Martin
[1] http://wiki.strongswan.org/projects/strongswan/wiki/IpsecCommand