[strongSwan] What is expected "ipsec update" & "ipsec reload" behavior?
tobias at strongswan.org
Tue Feb 17 16:16:16 CET 2015
> Does it try to say that, if IPsec tunnel was previously established and
> then, if corresponding "conn" entry for that tunnel disappeared from the
> ipsec.conf file, then after "ipsec update" call those tunnels would
> still remain in the StrongSwan?
That's what it says, yes. But connections might actually still be
affected by these updates, see  and the related ticket for details.
To not affect unchanged connections you should use `update` instead of
`reload`, which replaces all configs.
> If yes, then how can I force strongSwan to remove those tunnels that are
> no longer in ipsec.conf file?
You terminate them manually with `ipsec down`. To avoid blocking we
added the `ipsec stroke down-nb` (and `up-nb`) command with 5.1.0 (a
delete exchange is still initiated but the command itself does not block).
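
Added example, not part of the original message or of strongSwan's own tooling: shell functions that list established connections whose `conn` section is no longer in ipsec.conf, so they can be handed to `ipsec down` or `ipsec stroke down-nb`. The `ipsec status` line format, the sample config and status text, and the function names are assumptions constructed for illustration; `include` and `also=` are not resolved.

```shell
#!/bin/sh
# Constructed sample data (not from the original message).
SAMPLE_CONF='conn %default
    keyexchange=ikev2

# conn site-b was removed from the file
conn site-a
    auto=add
'
SAMPLE_STATUS='Security Associations (2 up, 0 connecting):
      site-a[1]: ESTABLISHED 2 hours ago, 192.0.2.1[gw]...198.51.100.7[a]
      site-a{1}:  INSTALLED, TUNNEL, ESP SPIs: c0000001_i c0000002_o
      site-b[2]: ESTABLISHED 3 hours ago, 192.0.2.1[gw]...203.0.113.9[b]
'

# conf_conns FILE: names of conn sections defined in FILE (skips %default).
conf_conns() {
    awk '$1 == "conn" && $2 != "%default" { print $2 }' "$1" | sort -u
}

# active_conns: reads status text on stdin, prints names of established IKE SAs.
# Assumes lines of the form "<name>[<id>]: ESTABLISHED ...".
active_conns() {
    sed -n 's/^[[:space:]]*\([^[:space:]]*\)\[[0-9][0-9]*\]: ESTABLISHED.*/\1/p' | sort -u
}

# stale_conns FILE: status text on stdin; prints established names absent from FILE.
stale_conns() {
    defined=$(conf_conns "$1")
    active_conns | while read -r name; do
        printf '%s\n' "$defined" | grep -qxF -- "$name" || printf '%s\n' "$name"
    done
}

# demo: runs stale_conns over the constructed samples above.
demo() {
    conf=$(mktemp)
    printf '%s' "$SAMPLE_CONF" > "$conf"
    printf '%s' "$SAMPLE_STATUS" | stale_conns "$conf"
    rm -f "$conf"
}

# On a live gateway (config path is an assumption), after `ipsec update`:
#   ipsec status | stale_conns /etc/ipsec.conf |
#       while read -r c; do ipsec stroke down-nb "$c"; done
demo
```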