(racoon 532) Re: Configuration reload and existing tunnels

[Brian Buesker <bbuesker@qualcomm.com>]

VANHULLEBUS Yvan wrote:

> On Wed, Jun 09, 2004 at 01:59:01PM +0200, VANHULLEBUS Yvan wrote:
>  
>
> > Hi.
> >
> > I would like to be able to update racoon's configuration (adding a new
> > tunnel) without killing racoon's process.
> >
> > In fact, I want to keep existing tunnels alive.
> >    
> [....]
>
>
> Posted a bit too fast :-)
>
>
> There IS a cfreparse() function, which is called when racoon gets a
> SIGHUP, but one of the first things which are done is a flushph2() and
> a flushph1(), and in fact a quite complete flush of everything !
>
> So I still cannot do what I want: updating racoon's conf without
> deleting existing phase1/phase2 SAs which have been already
> negociated.
>
>
> Did someone already tried "something" to do that ?
>  
There was some discussion about this on the ipsec-tools mailing list. 
You can read the thread here:

http://sourceforge.net/mailarchive/forum.php?thread_id=3866069&forum_id=32000

If you have any other ideas on how it could be handled though, 
suggestions are welcome.

Brian