Hi Sanjay, I am yet to perform extensive testing, but in basic testing this seems to be working.
In case of any change in EE key, or CA cert 'ipsec rereadall' can be done to use the new certificates. I case of any change in EE cert, the method mentioned by Andreas can be used. 'ipsec down <connection>' should be done in both cases before, to ensure that existing ISAKMP SA is teared down. New ISAKMP SA establishment will happen using the modified certificates. Regards, Divya Mohan M On Fri, Jun 22, 2012 at 2:15 AM, Shukla, Sanjay <[email protected]> wrote: > Hi Divya, > > Does this work for you .. I am having a similar requirement. > > Regards, > -sanjay > > _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
