When the 'ipsec rereadsecrets' command is issued all secrets are purged and the values in ipsec.secrets are added new.
This has the effect that currently established tunnels are deleted and re-initiated:

    rereading secrets
    loading secrets from '/etc/ipsec.secrets'
    loaded RSA private key from '/etc/ipsec.d/private/a.pem'
    received stroke: delete connection 'a_to_b'
    deleted connection 'a_to_b'
    received stroke: add connection 'a_to_b'
    loaded RSA public key for "a.a.a.a" from '/etc/ipsec.d/public/a.pub'
    loaded RSA public key for "b.b.b.b" from '/etc/ipsec.d/public/b.pub'
    added configuration 'a_to_b'
    received stroke: initiate 'a_to_b'
    received stroke: add connection 'a_to_c'
    loaded RSA public key for "a.a.a.a" from '/etc/ipsec.d/public/a.pub'
    loaded RSA public key for "c.c.c.c" from '/etc/ipsec.d/public/c.pub'
    added configuration 'a_to_c'
    received stroke: initiate 'a_to_c'

I have a situation where I would like to load a second private key to be used with a second interface w/o the tunnels on the first interface being interrupted. Both 'ipsec reload' and 'ipsec update' are able to update the configuration in the charon daemon w/o interrupting existing tunnels. Is there a mechanism that would allow a second private key to be loaded w/o removing the first private key and thus leaving the existing tunnels intact?

thanks in advance for any help,
James

_______________________________________________
Dev mailing list
Dev@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/dev
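The tunnel churn described in the post can be picked out of charon's own log output. The following is an added example (not code from the post or from strongSwan) that parses the message sequence quoted above and reports, per 'rereading secrets' event, which private keys were loaded and which connections were torn down versus merely re-added; the log text is a constructed sample mirroring the post.

```python
import re

# Constructed sample of charon log lines, mirroring the sequence quoted in the post.
SAMPLE_LOG = """\
rereading secrets
loading secrets from '/etc/ipsec.secrets'
loaded RSA private key from '/etc/ipsec.d/private/a.pem'
received stroke: delete connection 'a_to_b'
deleted connection 'a_to_b'
received stroke: add connection 'a_to_b'
loaded RSA public key for "a.a.a.a" from '/etc/ipsec.d/public/a.pub'
added configuration 'a_to_b'
received stroke: initiate 'a_to_b'
received stroke: add connection 'a_to_c'
added configuration 'a_to_c'
received stroke: initiate 'a_to_c'
"""

PRIVKEY = re.compile(r"^loaded RSA private key from '([^']+)'$")
DELETED = re.compile(r"^deleted connection '([^']+)'$")
ADDED = re.compile(r"^added configuration '([^']+)'$")
INITIATED = re.compile(r"^received stroke: initiate '([^']+)'$")

def analyse_reread(log_text):
    """Group log lines by 'rereading secrets' event and track per-connection state."""
    events, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "rereading secrets":
            current = {"private_keys": [], "connections": {}}
            events.append(current)
            continue
        if current is None:          # lines before the first reread are ignored
            continue
        conns = current["connections"]
        for pattern, key in ((DELETED, "deleted"), (ADDED, "added"), (INITIATED, "initiated")):
            m = pattern.match(line)
            if m:
                state = conns.setdefault(m.group(1), {"deleted": False, "added": False, "initiated": False})
                state[key] = True
        m = PRIVKEY.match(line)
        if m:
            current["private_keys"].append(m.group(1))
    return events

def disrupted_connections(log_text):
    """Names of connections whose established tunnel was deleted by a reread (sorted)."""
    names = set()
    for ev in analyse_reread(log_text):
        names.update(n for n, s in ev["connections"].items() if s["deleted"])
    return sorted(names)
```

Run against a real `charon` log, the 'deleted' flag distinguishes tunnels that were actually torn down by the reread from connections that were only re-added, which is the signal worth alerting on when secrets are reloaded on a production gateway.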