3 files changed, 17 insertions, 6 deletions

diff --git a/op-mode-definitions/monitor-log.xml.in b/op-mode-definitions/monitor-log.xml.in
index 8a02e1f08..774acaa5c 100644
--- a/op-mode-definitions/monitor-log.xml.in
+++ b/op-mode-definitions/monitor-log.xml.in
@@ -224,6 +224,19 @@
             </properties>
             <command>journalctl --no-hostname --boot --follow --unit ssh.service</command>
           </leafNode>
+          <node name="vpn">
+            <properties>
+              <help>Show log for Virtual Private Network (VPN)</help>
+            </properties>
+            <children>
+              <leafNode name="ipsec">
+                <properties>
+                  <help>Monitor last lines of IPSec</help>
+                </properties>
+                <command>journalctl --no-hostname --boot --follow --unit strongswan-starter.service</command>
+              </leafNode>
+            </children>
+          </node>
         </children>
       </node>
     </children>
diff --git a/op-mode-definitions/show-log.xml.in b/op-mode-definitions/show-log.xml.in
index 24a1b5f3e..455bd7c64 100644
--- a/op-mode-definitions/show-log.xml.in
+++ b/op-mode-definitions/show-log.xml.in
@@ -386,7 +386,7 @@
                 <properties>
                   <help>Show log for IPSec</help>
                 </properties>
-                <command>cat $(printf "%s\n" /var/log/messages* | sort -nr) | grep -e charon</command>
+                <command>journalctl --no-hostname --boot --unit strongswan-starter.service</command>
               </leafNode>
               <leafNode name="l2tp">
                 <properties>
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py
index bad9cfbd8..5ca32d23e 100755
--- a/src/conf_mode/vpn_ipsec.py
+++ b/src/conf_mode/vpn_ipsec.py
@@ -595,13 +595,11 @@ def wait_for_vici_socket(timeout=5, sleep_interval=0.1):
         sleep(sleep_interval)
 
 def apply(ipsec):
+    systemd_service = 'strongswan-starter.service'
     if not ipsec:
-        call('sudo ipsec stop')
+        call(f'systemctl stop {systemd_service}')
     else:
-        call('sudo ipsec restart')
-        call('sudo ipsec rereadall')
-        call('sudo ipsec reload')
-
+        call(f'systemctl reload-or-restart {systemd_service}')
         if wait_for_vici_socket():
             call('sudo swanctl -q')