[strongSwan] ipsec update restarting affected tunnels

Tobias Brunner tobias at strongswan.org
Wed Jul 20 15:13:20 CEST 2016

Hi Stig,

> I've recently upgraded our strongswan from 4.5.2 to 5.2.2 and one of the
> differences I noticed is with the older version I could regenerate
> /etc/ipsec.conf and then do "ipsec rereadall" followed by "ipsec update"
> and any tunnels that were affected would restart. 

Really?  I don't think that ever was the case (at least not for IKEv2).

> Now with 5.2.2 I see
> the docs specifically say that "Currently established connections are
> not affected by configuration changes".  I know I could use "ipsec
> down|up" with the specific tunnel, but is there another command will has
> the same behavior as the older version?

No, you have to manually terminate established connections.


More information about the Users mailing list