Hmmm. Changes to the config file no longer trigger restarts of the ipsec service because there is no longer a store path that changes. Not really sure how to get around this.

I believe you can use restartTriggers for this: https://github.com/NixOS/nixpkgs/search?q=restartTriggers&unscoped_q=restartTriggers

You could use environment.etc."ipsec.conf". That creates a in /etc to the store path.

@aneeshusa nice call, that totally worked. Just pushed up a change which I think actually made the diff smaller.

Any updates on this pull request, please?

I would recommend to hold this PR back until libreswan is updated. Version 3.18, which is in nixpkgs, is from Jul 27, 2016. The most recent version is 3.29. When the problem still exists after the update we can merge this PR.

Note that there is also a CVE out for pre 3.28 versions.

Thank you for your contributions.
This has been automatically marked as stale because it has had no activity for 180 days.
If this is still important to you, we ask that you leave a comment below. Your comment can be as simple as "still important to me". This lets people see that at least one person still cares about this. Someone will have to do this at most twice a year if there is no other activity.
Here are suggestions that might help resolve this more quickly:

1. Search for maintainers and people that previously touched the
   related code and @ mention them in a comment.
2. Ask on the NixOS Discourse. 3. Ask on the #nixos channel on
   irc.freenode.net.

Not the original submitter, but I can confirm that this issue is still relevant and that the proposed fix works. To my eyes, it is ready to merge.

There is still another stumbling block which could be fixed in the future: ipsec does not start if the directory /etc/ipsec.d does not exist.

I'm not using libreswan anymore (wireguard gang) so I'm not going to be able to validate changes to this PR. If someone else wants to carry across to the finish line, please do.