IPsec and Connection Scheduler

Hey there,

I try to configure an automatic start and stop time for the IPsec-host but the option in the connection-scheduler does not seem to have the effect, that I hoped for. :slight_smile:

IPsec is fully configured and works perfect.

Now my goal is to “automate” the clicking of the “activate”-field at the top of the menu and hitting the “save”-button at a specific time (and deactivate it again later).

I tried it with the connection scheduler because it offers the option to “(re)start IPsec” but that does not seem to have any effect or at least not the same effect as “activating” IPsec.

I cross-checked with starting the “IPsec-service” from the terminal (/etc/init.d/Ipsec start) but that does not do the trick either.

Anyway, when I follow the log-messages, it seems like “activating” IPsec in the menu does a lot more, like loading certificats, etc. so what is the option in the connection-scheduler for?

And what commands are needed to automate “clicking activate” in the IPsec-menu?

Thanks in advance and greetings


ipsecctrl S
is the command that issued by the webgui if the checkbox is enabled and also by the connection sheduler ipsec start.


Hey Arne,

first of all, thank you very much for your quick reply! :slight_smile:

I did some more “testing” and made some observations. :nerd_face:

There is no check-mark appearing or disappearing when you refresh the IPsec-menu-site after you started or stopped IPsec either from the terminal (/etc/init.d/ipsec start) or via the connection scheduler. So I thought, this led to my confusion and solved the riddle, but unfortunately, there is more. :confused:

When I start IPsec via the menu and stop it via scheduler or terminal and later start it again via scheduler or terminal, everything works great (Connection, No Connection, Connection).


When IPsec is not activated via the menu in the first place and I start it via connection scheduler or terminal, it just does not work.

I compared the log-messages (tail -f /var/log/messages) and the initiating-sequence is exactly the same. The difference is, that when I “cold-start” IPsec via terminal or scheduler, the firewall drops the incoming requests from the IPsec-client.

Maybe someone can reproduce this behavior or I misconfigured something. :crazy_face:



Short annotation:

When IPsec is “cold-started” via scheduler or terminal there is also no indication that it is running on the page main-page (System->Home).

Greetings and a nice evening. :slight_smile:



I am searching documentation about ipsecctrl commands.
May I ask you if you have any refence?

Thanks in advance


Here is the source code for the ipsecctrl command. It has the info in it about the expected options.

If you try and run ipsecctrl without any options it will show you the allowed options which would be the other approach to use.