Hi James, > Up to and including StrongSwan 5.0 'ipsec reload' would only > re-initialize tunnels that have been changed in the configuration.
Actually, `ipsec reload` always removed and re-added ALL connections not only the changed ones. Use `ipsec update` to only reload the changed connections. > Does anyone know why all policies are removed by 'ipsec reload'? It > seems that this should not happen UNLESS all tunnel configurations have > been removed or change in ipsec.conf. Since 5.0.1 removed and changed connections with `auto=route` are unrouted (same as `ipsec unroute <name>`), this properly allows changing `left|rightsubnet` or `auto` for such connections. But if you use `reload` instead of `update` all connections are considered to have changed, so all connections are unrouted and routed again. Regards, Tobias _______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
