Hello openbsd-misc,

I am strongly interested in this, too.
Since the iked manpage does not mention this, I suppose it is not possible. In combination with ifstated, however, this might result in a DoS scenario if one peer becomes unreachable - on purpose or by chance - and any other IPsec connections break down due to an iked restart, as Stephan already pointed out.

So any advice on this is appreciated a lot. :-)

Thanks, and best regards,
Peter Müller

> Hi *,
>
> I am in a situation where I've got hosts that handle IPsec connections
> with multiple endpoints.
>
> So I've wondered if it was possible to restart single connections
> without rebuilding the rest of the connections.
> For example Machine A has a tunnel to machine B and machine C.
> The tunnel to C is up and running as intended but the tunnel to B is
> broken (icmp echos don't return -> for example). How do I rebuild the tunnel
> to B
> without restarting iked for all connections and interrupting my tunnel to
> C?
>
> Thank you for your time.
>
> g Stephan