How to restart a VPN connection that is experiencing issues:
1. Find the VPN connection name
Each VPN has a name (also called a connection name).
To check what yours is:
cat /etc/ipsec.d/<vpn-name>.conf
Inside this file, you’ll see the connection name (for example: sanfrancisco-customername).
Use this name in the commands below.
2. Restart the VPN connection
If the VPN stops working, you can restart it with these commands (replace <vpn-name> with your actual connection name):
sudo ipsec auto --down <vpn-name>
sudo ipsec auto --delete <vpn-name>
sudo ipsec auto --add <vpn-name>
sudo ipsec auto --up <vpn-name>
Run them one by one in order.
This will safely bring the VPN down, remove it, re-add it, and bring it back up.
3. Check if the VPN is running
After restarting, you can check the VPN status in two ways:
Option A (simplest):
sudo service ipsec status
Option B (shows more detail):
sudo ipsec whack --status | grep '<connection_name>'
Replace <connection_name> with your VPN name (for example, cisco-miami).
That’s it! If the VPN still does not reconnect after following these steps, contact support and provide the exact error message shown.
Modify the IP of a VPN connection:
1. Locate the VPN config file
Each connection has a configuration file in /etc/ipsec.d/.
Example:
sudo cat /etc/ipsec.d/<vpn-name>.conf
2. Find and change the IP settings
Inside the file, look for:
left= # local server IP
right= # remote peer IP
Change the IP(s) as required. Example:
left=192.168.1.10
right=203.0.113.5
3. Save and verify syntax
Run:
sudo ipsec auto --show <vpn-name>
This checks that the config is valid.
4. Reload configuration (pply your changes):
sudo ipsec auto --replace <vpn-name>
sudo ipsec auto --up <vpn-name>
5. Verify the tunnel is active, check:
sudo ipsec whack --status | grep <vpn-name>
or:
sudo ipsec auto --status
6. If the tunnel fails to reload, restart the service:
sudo service ipsec restart
sudo service ipsec status
7. If it still fails, restart the server:
sudo reboot