[strongSwan] ipsec update restarting affected tunnels
tobias at strongswan.org
Wed Jul 20 15:13:20 CEST 2016
> I've recently upgraded our strongswan from 4.5.2 to 5.2.2 and one of the
> differences I noticed is with the older version I could regenerate
> /etc/ipsec.conf and then do "ipsec rereadall" followed by "ipsec update"
> and any tunnels that were affected would restart.
Really? I don't think that ever was the case (at least not for IKEv2).
> Now with 5.2.2 I see
> the docs specifically say that "Currently established connections are
> not affected by configuration changes". I know I could use "ipsec
> down|up" with the specific tunnel, but is there another command will has
> the same behavior as the older version?
No, you have to manually terminate established connections.
More information about the Users