Netgate Discussion Forum

IPSEC Changes Require Reboot

  • K
    khancock
    last edited by Sep 27, 2017, 12:15 PM

    Any changes to an IPSEC tunnel require a reboot to take effect. Why?

    System Netgate SG-2440
    BIOS Vendor: coreboot
    Version: ADI_RCCVE-01.00.00.12-nodebug
    Version 2.3.4-RELEASE-p1 (amd64)
    built on Fri Jul 14 14:52:43 CDT 2017
    FreeBSD 10.3-RELEASE-p19

    • J
      jimp Rebel Alliance Developer Netgate
      last edited by Sep 27, 2017, 3:20 PM

      What changes, specifically? I haven't ever seen that happen that I can recall.

      Next time, instead of a reboot, if the changes do not apply then go to Status > Services and stop the IPsec service and then start it again. Do not use the restart button.

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      • K
        khancock
        last edited by Sep 27, 2017, 10:44 PM

        If I add another Phase 2 entry I have to reboot.  I tried to restart just IPSEC but it does not work.  I thought this was due to old hardware so I upgraded to NetGate and the problem persists.

        • J
          jimp Rebel Alliance Developer Netgate
          last edited by Sep 28, 2017, 3:37 PM

          @khancock:

          If I add another Phase 2 entry I have to reboot.

          I make P2 changes all the time and they take effect when expected, you'll have to be more specific. Do these new P2s get added to only a single tunnel? Do they overlap anything else? Anything special about them?

          Since this doesn't appear to be happening to anyone else, there must be something distinct about your setup that is triggering the behavior.

          @khancock:

          I tried to restart just IPSEC but it does not work

          Did you use the "restart" button or did you actually stop and then start the service as I suggested? A restart doesn't restart IPsec, it only tells strongSwan to reload the configuration file.

          • K
            khancock
            last edited by Sep 28, 2017, 9:10 PM

            Nothing special about them, just adding another host or network to the tunnel.  I haven't stopped and started the IPSEC service, just used the icon that shows restart service.  We'll try that.

            This config has been running around 7 years and this behavior started around 2 years ago.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.