I sent a diff to tech@ that should solve your problem: https://marc.info/?l=openbsd-tech&m=158447623916319&w=2

On Sun, Jan 26, 2020 at 04:12:00PM +0000, Peter Müller wrote:
> Hello openbsd-misc,
>
> I am strongly interested in this, too.
>
> Since the iked manpage does not mention this, I suppose it is not possible.
> In combination with ifstated, however, this might result in a DoS scenario
> if one peer becomes unreachable - on purpose or by chance - and any other
> IPsec connections break down due to an iked restart, as Stephan already
> pointed out.
>
> So any advice on this is appreciated a lot. :-)
>
> Thanks, and best regards,
> Peter Müller
>
> > Hi *,
> >
> > I am in a situation where I've got hosts that handle IPsec connections
> > with multiple endpoints.
> >
> > So I've wondered if it was possible to restart single connections
> > without rebuilding the rest of the connections.
> > For example Machine A has a tunnel to machine B and machine C.
> > The Tunnel to C is up and running as intended but the tunnel to B is
> > broken (icmp echos don't return -> for example). How do I rebuild the
> > tunnel to B without restarting iked for all connections and interrupting
> > my tunnel to C?
> >
> > Thank you for your time.
> >
> > g Stephan