Re: reload isakmpd
Hello Motty, Friday, July 25, 2014, 10:17:15 AM, you wrote: mc Hello, how to reload configuration without restarting isakmpd? I assume you start isakmpd directly (configuring isakmpd.conf and isakmpd.policy). Than you'll see in the process list something like process_number_1 ... isakmpd process_number_2 ... isakmpd: monitor [priv] (isakmpd) kill -1 process_number_2 will make isakmpd to reload configuration. kill -1 `cat /var/run/isakmpd.pid` also works in most cases. -- Best regards, Borismailto:bo...@twopoint.com
Re: reload isakmpd
Try ipsecctl -f /etc/ipsec.conf On Fri 25 Jul 2014 16:17:15 BST, motty cruz wrote: Hello, how to reload configuration without restarting isakmpd? Thanks,
Re: reload isakmpd
On Fri, Jul 25, 2014 at 08:17:15AM -0700, motty cruz wrote: Hello, how to reload configuration without restarting isakmpd? Thanks, Have a look at THE FIFO USER INTERFACE in isakmpd(8): NOTE: Sending isakmpd a SIGHUP or an R through the FIFO will void any updates done to the configuration. You can also try to SIGHUP and re-run ipsecctl afterwards. Good luck! Reyk
reload isakmpd
Hello, how to reload configuration without restarting isakmpd? Thanks,
Re: reload isakmpd
Thank you all, I used this command. ps aux kill 29309 kill 7908 ps aux isakmpd -S sasyncd Thanks, On Fri, Jul 25, 2014 at 8:29 AM, Reyk Floeter r...@openbsd.org wrote: On Fri, Jul 25, 2014 at 08:17:15AM -0700, motty cruz wrote: Hello, how to reload configuration without restarting isakmpd? Thanks, Have a look at THE FIFO USER INTERFACE in isakmpd(8): NOTE: Sending isakmpd a SIGHUP or an R through the FIFO will void any updates done to the configuration. You can also try to SIGHUP and re-run ipsecctl afterwards. Good luck! Reyk
Re: reload isakmpd
On 2014-07-25, Andy a...@brandwatch.com wrote: Try ipsecctl -f /etc/ipsec.conf Sometimes this works ok, but I do have some occasions when I need to shutdown isakmpd, ipsecctl -F and restart. Note that this doesn't clear old config, so you can't use it to tear down sessions that you no longer want - you can paste the relevant config lines to ipsecctl -df - to delete them though.
Re: reload isakmpd
Note that this doesn't clear old config, so you can't use it to tear down sessions that you no longer want - you can paste the relevant config lines to ipsecctl -df - to delete them though. As an added note for ipsecctl -df, you can break all your peers into their own files and include them from the main ipsec.conf. Then you can ipsecctl -df /etc/ipsec/peer.conf... When you have several dozen peers, it makes troubleshooting individual ones a bit easier. -- James Shupe
Re: reload isakmpd
On 25.07.2014 19:42, James Shupe wrote: Note that this doesn't clear old config, so you can't use it to tear down sessions that you no longer want - you can paste the relevant config lines to ipsecctl -df - to delete them though. As an added note for ipsecctl -df, you can break all your peers into their own files and include them from the main ipsec.conf. Then you can ipsecctl -df /etc/ipsec/peer.conf... When you have several dozen peers, it makes troubleshooting individual ones a bit easier. There is a good article about isakmpd/ipsec on undeadly: http://undeadly.org/cgi?action=articlesid=20131125041429