From: Tom Rymes <tom@rymes.net>
To: Adolf Belka <adolf.belka@ipfire.org>
Cc: "IPFire: Development-List" <development@lists.ipfire.org>
Subject: Re: [PATCH 4/6] backup.pl: Fixes bug13737 - restarts ipsec to use the restored certs etc
Date: Tue, 1 Apr 2025 17:55:57 -0400 [thread overview]
Message-ID: <11E387A3-EFAA-48FC-8C1D-4989D350D0F0@rymes.net> (raw)
In-Reply-To: <641fb592-2f53-46fb-b48a-7e0d92baf0e4@ipfire.org>
> On Apr 1, 2025, at 5:47 PM, Adolf Belka <adolf.belka@ipfire.org> wrote:
<snip>
> I have tested this and the old ipsec certificate connection kept on working, even though the restore had only a PSK connection and no certificate connection.
> So not doing a restart would leave the existing connections going but the connections that were restored would not work. So the question would be why do a restore if you don't intend to replace the existing connections.
The restart seems wise to me. My only concern was that the user should be aware that initiating the process will cause existing connections to be dropped. Perhaps this could be an explicit notice to the user, or perhaps that’s unneeded because it should be obvious.
Tom
next prev parent reply other threads:[~2025-04-01 21:56 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-01 18:07 [PATCH 1/6] vpnmain.cgi: Fixes bug13737 - remove unneeded &cleanssldatabase calls Adolf Belka
2025-04-01 18:07 ` [PATCH 2/6] vpnmain.cgi: Fixes bug13737 - revoke any deleted client certificate Adolf Belka
2025-04-02 10:21 ` Michael Tremer
2025-04-02 10:41 ` Adolf Belka
2025-04-02 13:52 ` Michael Tremer
2025-04-01 18:07 ` [PATCH 3/6] include: Add the contents of the ipsec certs directory to the backup Adolf Belka
2025-04-01 18:08 ` [PATCH 4/6] backup.pl: Fixes bug13737 - restarts ipsec to use the restored certs etc Adolf Belka
[not found] ` <F37E461A-91BF-45B6-904E-92E85B51DE2C@rymes.net>
2025-04-01 20:44 ` Adolf Belka
2025-04-01 21:46 ` Adolf Belka
2025-04-01 21:55 ` Tom Rymes [this message]
2025-04-01 21:52 ` Tom Rymes
2025-04-02 10:24 ` Adolf Belka
2025-04-02 10:25 ` Michael Tremer
2025-04-01 18:08 ` [PATCH 5/6] core194: Ship the vpnmain.cgi changes Adolf Belka
2025-04-01 18:08 ` [PATCH 6/6] core194: Ship the backup file changes Adolf Belka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=11E387A3-EFAA-48FC-8C1D-4989D350D0F0@rymes.net \
--to=tom@rymes.net \
--cc=adolf.belka@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox