[strongSwan] procedure on network interface changes to ensure least disruption to ipsec tunnels currently established

Shukla, Sanjay Sanjay.Shukla at ipc.com
Fri Mar 30 22:31:22 CEST 2012


I have a situation wherein a floating IP address is assigned to and removed from the network interface (ifconfig up/down) at runtime while various tunnels are established on my machine.

I observe that the ipsec daemon does not establish tunnels on any IP address provisioned after ipsec was started; it seems unaware of it.

If I restart ipsec then it works out fine. Since the majority of tunnels are not affected by this interface change, I would like to preserve the currently established tunnels and somehow have the ipsec daemon be aware of the update to the network interface. I understand that adding a new IP address on the network interface has some fundamental effects on the daemon, as it has to listen for IKE messages on that IP.


Looking for suggestions for this scenario.

Regards,
-sanjay


