[strongSwan] SIGHUP

Martin Willi martin at strongswan.org
Thu Dec 6 10:01:56 CET 2012


Hi Jordan,

> I need to initiate SIGHUP for strongswan to pick up configurations in
> strongswan.conf.

SIGHUP reloads strongswan.conf and tells all plugins to reload its
configuration. But this is currently supported in a few plugins only,
namely eap-radius, attr and (partially in) pkcs11.

> I want to confirm if this still holds true with strongswan 5.0

Yes.

> 1. Do all updates to "strongswan.conf" require SIGHUP? Are there any
> configurations that may still require ipsec stop and ipsec start?

strongswan.conf is reread after SIGHUP, but this does not mean that new
options apply automatically. Some options are fetched for each newly
established connection (such as retransmission parameters), these apply
to newly established connections. Others for long-lived infrastructure
are read during startup, a restart is required to change them.

> 2. Does SIGHUP stop active IPsec connections.

No.

Regards
Martin





More information about the Users mailing list