X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=blobdiff_plain;f=src%2Fmisc-progs%2Fipsecctrl.c;h=365807c9e4ab336a5f208a30592e3a8b70a208f7;hp=65a96e01c8945a6eff25f97d7b7af47c0c30dfd6;hb=8e2683f70da85bd099fdbdb70d47facac5246606;hpb=db95c207362bbf475c4756f1f3b352cabe75c5e8

diff --git a/src/misc-progs/ipsecctrl.c b/src/misc-progs/ipsecctrl.c
index 65a96e01c..365807c9e 100644
--- a/src/misc-progs/ipsecctrl.c
+++ b/src/misc-progs/ipsecctrl.c
@@ -144,8 +144,8 @@ void turn_connection_on(char *name, char *type) {
                 "/usr/sbin/ipsec down %s >/dev/null", name);
         safe_system(command);
 
-	// Reload the configuration into the daemon.
-	safe_system("/usr/sbin/ipsec reload >/dev/null 2>&1");
+	// Reload the configuration into the daemon (#10339).
+	ipsec_reload();
 
 	// Bring the connection up again.
 	snprintf(command, STRING_SIZE - 1,
@@ -169,7 +169,15 @@ void turn_connection_off (char *name) {
         safe_system(command);
 
 	// Reload, so the connection is dropped.
-        safe_system("/usr/sbin/ipsec reload >/dev/null 2>&1");
+	ipsec_reload();
+}
+
+void ipsec_reload() {
+	/* Re-read all configuration files and secrets and
+	 * reload the daemon (#10339).
+	 */
+	safe_system("/usr/sbin/ipsec rereadall >/dev/null 2>&1");
+	safe_system("/usr/sbin/ipsec reload >/dev/null 2>&1");
 }
 
 int main(int argc, char *argv[]) {
@@ -193,7 +201,7 @@ int main(int argc, char *argv[]) {
         }
 
         if (strcmp(argv[1], "R") == 0) {
-                safe_system("/usr/sbin/ipsec reload >/dev/null 2>&1");
+		ipsec_reload();
                 exit(0);
         }
 
@@ -270,22 +278,16 @@ int main(int argc, char *argv[]) {
         findkey(kv, "GREEN_DEV", if_green);
         if (VALID_DEVICE(if_green))
                 enable_green++;
-        else
-                fprintf(stderr, "IPSec enabled on green but green interface is invalid or not found\n");
 
 	// Check if ORANGE is enabled.
         findkey(kv, "ORANGE_DEV", if_orange);
         if (VALID_DEVICE(if_orange))
                 enable_orange++;
-        else
-                fprintf(stderr, "IPSec enabled on orange but orange interface is invalid or not found\n");
 
 	// Check if BLUE is enabled.
         findkey(kv, "BLUE_DEV", if_blue);
         if (VALID_DEVICE(if_blue))
                 enable_blue++;
-        else
-                fprintf(stderr, "IPSec enabled on blue but blue interface is invalid or not found\n");
 
         freekeyvalues(kv);