[Swan] adding ipsec clients requiring reboot

Ted Toth txtoth at gmail.com
Thu Dec 11 16:06:21 EET 2014


'ipsec secrets' looks promising ... more testing required. Thanks

Ted

On Thu, Dec 11, 2014 at 7:35 AM, Nick Howitt <nick at howitts.co.uk> wrote:
> Unless it has changed recently "ipsec auto --add ..." does not reread the
> secrets file so you'll probably also have to do an "ipsec secrets". I'd do
> it before the "ipsec auto ..." to get the secrets into place before the conn
> is added.
>
> Nick
>
>
> On 2014-12-11 13:28, Ted Toth wrote:
>>
>> This is actually an openswan RHEL6 question but hopefully the answer
>> will also apply to libreswan. We have a script to add an ipsec client
>> to our server which creates ${REMOTE_HOSTNAME}.conf (conn
>> ${REMOTE_HOSTNAME}) and ${REMOTE_HOSTNAME}.secrets in /etc/ipsec.d and
>> then does:
>> ipsec auto --add ${REMOTE_HOSTNAME}
>> ipsec auto --asynchronous --up ${REMOTE_HOSTNAME}
>>
>> On the client we do the mirror using the server hostname. However the
>> connection doesn't work unless we reboot both ends. What are the steps
>> and their order required to add a client without having to reboot?
>>
>> Ted


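Added example (not code from the thread or from the openswan/libreswan projects): a shell function that applies the order Nick suggests, rereading secrets before the conn is added and brought up. It assumes the main ipsec.conf and ipsec.secrets include the per-host files under /etc/ipsec.d; `add_ipsec_peer`, `IPSEC` and `IPSEC_D` are names made up for this example.

```shell
#!/bin/sh
# Added example: register one peer with a running pluto, no reboot.
# IPSEC and IPSEC_D are hypothetical overrides so the ordering can be
# exercised with a stub instead of the real ipsec command.
IPSEC="${IPSEC:-ipsec}"
IPSEC_D="${IPSEC_D:-/etc/ipsec.d}"

add_ipsec_peer() {
    peer="$1"
    # The hostname becomes a file name and a conn name, so accept only
    # hostname characters and refuse leading '-' or '.'.
    case "$peer" in
        ""|-*|.*|*[!A-Za-z0-9.-]*)
            echo "invalid peer name: $peer" >&2
            return 2 ;;
    esac

    conf="$IPSEC_D/$peer.conf"
    secrets="$IPSEC_D/$peer.secrets"
    for f in "$conf" "$secrets"; do
        [ -f "$f" ] || { echo "missing $f" >&2; return 3; }
    done

    # The secrets file holds key material: owner read/write only.
    chmod 600 "$secrets" || return 4

    # 1. reread secrets, so the new entry is loaded before the conn exists
    "$IPSEC" secrets || return 5
    # 2. load the conn definition
    "$IPSEC" auto --add "$peer" || return 6
    # 3. start negotiation without blocking the caller
    "$IPSEC" auto --asynchronous --up "$peer" || return 7
}
```

Run the same function on the client with the server's hostname, as the original script does for its mirror step.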