[strongSwan] Strongswan 4.5.1 Sqlite database not updated until ipsec is restarted

Martin Willi martin at strongswan.org
Wed Sep 14 09:38:50 CEST 2011

Hi Fabrice,

> When i modify sqlite database (add/remove connexions or 
> add/modify/remove child_SA), ipsec modifications are not read and 
> connexions stay down/up (depend on add/remove) .

Connections are read from the database and kept in memory for active
connections. Any changes to IKE- or CHILD_SAs or not propagated to
active connections. You'll have to reestablish the IKE_SA to re-fetch
from the database using "ipsec up/down", you can use the configuration
name and wildcards, see [1].

We have some plans to implement re-fetching of CHILD_SA configurations
during rekey and/or the establishment of new CHILD_SAs within an
existing IKE_SA, but it's not done yet.



More information about the Users mailing list