[strongSwan] ipsec reload fails to kill obsolete connections?
Martin Willi
martin at strongswan.org
Wed Mar 18 17:24:00 CET 2015
Yves,
> When we generate a new version of these files we issue an ipsec reload
> (not just update). I'd expect that to kill connections that are not
> relevant anymore, but this is not the case ipsec statusall shows them
> still as defined and up and running.
"ipsec reload" by design does not affect running connections, it reloads
the configuration only. You'll have to manually "ipsec down" any
connection instance for affected configurations. Please refer to the
discussion at [1] for more information.
Regards
Martin
[1]http://dev.strongswan.narkive.com/sa7nwo4I/strongswan-dev-patch-starter-cleanup-sas-when-deleting-a-connection
More information about the Users
mailing list