reload isakmpd

reload isakmpd

mottycruz
Hello, how to reload configuration without restarting isakmpd?

Thanks,

Re: reload isakmpd

Andy Lemin
Try ipsecctl -f /etc/ipsec.conf


On Fri 25 Jul 2014 16:17:15 BST, motty cruz wrote:
> Hello, how to reload configuration without restarting isakmpd?
>
> Thanks,

Re: reload isakmpd

Reyk Floeter-2
In reply to this post by mottycruz
On Fri, Jul 25, 2014 at 08:17:15AM -0700, motty cruz wrote:
> Hello, how to reload configuration without restarting isakmpd?
>
> Thanks,
>

Have a look at THE FIFO USER INTERFACE in isakmpd(8):

             NOTE: Sending isakmpd a SIGHUP or an "R" through the FIFO will
             void any updates done to the configuration.

You can also try to SIGHUP and re-run ipsecctl afterwards.

Good luck!

Reyk

Re: reload isakmpd

mottycruz
Thank you all,

I used this command.

ps aux

kill 29309

kill 7908

ps aux

isakmpd -S

sasyncd


Thanks,


On Fri, Jul 25, 2014 at 8:29 AM, Reyk Floeter <[hidden email]> wrote:

> On Fri, Jul 25, 2014 at 08:17:15AM -0700, motty cruz wrote:
> > Hello, how to reload configuration without restarting isakmpd?
> >
> > Thanks,
> >
>
> Have a look at THE FIFO USER INTERFACE in isakmpd(8):
>
>              NOTE: Sending isakmpd a SIGHUP or an "R" through the FIFO will
>              void any updates done to the configuration.
>
> You can also try to SIGHUP and re-run ipsecctl afterwards.
>
> Good luck!
>
> Reyk

Re: reload isakmpd

Stuart Henderson
In reply to this post by Andy Lemin
On 2014-07-25, Andy <[hidden email]> wrote:
> Try ipsecctl -f /etc/ipsec.conf

Sometimes this works ok, but I do have some occasions when I need
to shut down isakmpd, ipsecctl -F and restart.

Note that this doesn't clear old config, so you can't use it to tear
down sessions that you no longer want - you can paste the relevant
config lines to "ipsecctl -df -" to delete them though.

Re: reload isakmpd

James Shupe-4
> Note that this doesn't clear old config, so you can't use it to tear
> down sessions that you no longer want - you can paste the relevant
> config lines to "ipsecctl -df -" to delete them though.
>
>
>

As an added note for ipsecctl -df, you can break all your peers into
their own files and include them from the main ipsec.conf. Then you can
"ipsecctl -df /etc/ipsec/peer.conf"...

When you have several dozen peers, it makes troubleshooting individual
ones a bit easier.

--
James Shupe
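
The per-peer reload described in the two posts above (old config is not cleared by "ipsecctl -f", and "ipsecctl -df" on a per-peer file deletes it), as an added example that is not code from the thread. It assumes each peer file is self-contained (no macros from the main ipsec.conf); STATE_DIR and reload_peer are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: each peer lives in a
# self-contained file, and STATE_DIR (hypothetical path) keeps a copy of
# the rules that were last loaded for each peer.
IPSECCTL=${IPSECCTL:-ipsecctl}
STATE_DIR=${STATE_DIR:-/var/db/ipsec-applied}

# reload_peer FILE: replace one peer's rules without restarting isakmpd.
reload_peer() {
    peer_file=$1
    applied="$STATE_DIR/$(basename "$peer_file")"

    [ -r "$peer_file" ] || { echo "cannot read $peer_file" >&2; return 2; }

    # 1. Parse-only check (-n) so a typo never tears down a working tunnel.
    "$IPSECCTL" -n -f "$peer_file" || {
        echo "syntax error in $peer_file, nothing changed" >&2
        return 1
    }

    # 2. Delete using the rules that were actually loaded last time.
    #    "ipsecctl -f" alone does not clear old config, and the edited
    #    file may no longer describe the flows that are installed.
    if [ -f "$applied" ]; then
        "$IPSECCTL" -df "$applied" || return 1
    fi

    # 3. Load the new rules, then record them for the next reload.
    "$IPSECCTL" -f "$peer_file" || return 1
    mkdir -p "$STATE_DIR" && cp "$peer_file" "$applied"
}
```

Run it as root with the peer file as the only argument to reload_peer, for example the /etc/ipsec/peer.conf mentioned above.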

Re: reload isakmpd

Atanas Vladimirov
On 25.07.2014 19:42, James Shupe wrote:

>> Note that this doesn't clear old config, so you can't use it to tear
>> down sessions that you no longer want - you can paste the relevant
>> config lines to "ipsecctl -df -" to delete them though.
>>
>>
>>
>
> As an added note for ipsecctl -df, you can break all your peers into
> their own files and include them from the main ipsec.conf. Then you can
> "ipsecctl -df /etc/ipsec/peer.conf"...
>
> When you have several dozen peers, it makes troubleshooting individual
> ones a bit easier.

There is a good article about isakmpd/ipsec on undeadly:
http://undeadly.org/cgi?action=article&sid=20131125041429

Re: reload isakmpd

Boris Goldberg
In reply to this post by mottycruz
Hello Motty,

Friday, July 25, 2014, 10:17:15 AM, you wrote:

mc> Hello, how to reload configuration without restarting isakmpd?

  I assume you start isakmpd directly (configuring isakmpd.conf and
isakmpd.policy). Then you'll see in the process list something like

process_number_1 ... isakmpd
process_number_2 ... isakmpd: monitor [priv] (isakmpd)

  "kill -1 process_number_2" will make isakmpd reload the configuration.

  "kill -1 `cat /var/run/isakmpd.pid`" also works in most cases.

--
Best regards,
 Boris                            mailto:[hidden email]