[strongSwan] Strongswan 4.5.1 Sqlite database not updated until ipsec is restarted

CETIAD - Fabrice Barconnière fabrice.barconniere at ac-dijon.fr
Tue Sep 20 10:08:22 CEST 2011


Hello,

It seems that when certificates are added or modified in the database, they can't
be read until ipsec is restarted.

On 14/09/2011 10:11, CETIAD - Fabrice Barconnière wrote:
> Hello Martin,
>
> You mean I must take the connection down before changing the database?
>
> But when I add a new connection in the database, the "ipsec up connection_name"
> command doesn't bring up this new connection.
>
> Regards
> Fabrice
>
> On 14/09/2011 09:38, Martin Willi wrote:
>> Hi Fabrice,
>>
>>> When I modify the sqlite database (add/remove connections or
>>> add/modify/remove child_SA), ipsec modifications are not read and
>>> connections stay down/up (depending on add/remove).
>> Connections are read from the database and kept in memory for active
>> connections. Any changes to IKE- or CHILD_SAs are not propagated to
>> active connections. You'll have to reestablish the IKE_SA to re-fetch
>> from the database using "ipsec up/down", you can use the configuration
>> name and wildcards, see [1].
>>
>> We have some plans to implement re-fetching of CHILD_SA configurations
>> during rekey and/or the establishment of new CHILD_SAs within an
>> existing IKE_SA, but it's not done yet.
>>
>> Regards
>> Martin
>>
>> [1] http://wiki.strongswan.org/projects/strongswan/wiki/IpsecCommand
>>
>>
>>



