tl;dr: do not use "ipsec restart" even with systemd. If the strongswan service is running and one calls "ipsec restart", systemd will lose track of the service:
# make sure strongswan is running sudo service strongswan start # restart ipsec the "wrong" way sudo ipsec restart # notice that systemd saw ipsec stopping but not restarting sudo journalctl -o cat -u strongswan | tail 12[CFG] left nor right host is our side, assuming left=local 12[CFG] added configuration 'passthrough-rw' 14[CFG] received stroke: route 'passthrough-rw' 16[CFG] received stroke: add connection 'xelerance-sdeziel' 16[CFG] added configuration 'xelerance-sdeziel' 00[DMN] signal of type SIGINT received. Shutting down charon stopped after 200 ms charon stopped after 200 ms ipsec starter stopped ipsec starter stopped # confirm ipsec is still functioning otherwise sudo ipsec status Shunted Connections: passthrough-rw: 172.24.27.0/24 192.168.29.6/32 === 172.24.27.0/24 192.168.29.6/32 PASS Security Associations (0 up, 0 connecting): none # ask systemd to stop it (unsuccessfully) sudo service strongswan stop # confirm ipsec is still functioning otherwise sudo ipsec status Shunted Connections: passthrough-rw: 172.24.27.0/24 192.168.29.6/32 === 172.24.27.0/24 192.168.29.6/32 PASS Security Associations (0 up, 0 connecting): none -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1287339 Title: Using "ipsec start|stop|restart" confuses upstart/systemd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1287339/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
