tl;dr: do not use "ipsec restart" even with systemd.
If the strongswan service is running and one calls "ipsec restart", systemd will lose track of the service:
# make sure strongswan is running
sudo service strongswan start
# restart ipsec the "wrong" way
sudo ipsec restart
# notice that systemd saw ipsec stopping but not restarting
sudo journalctl -o cat -u strongswan | tail
12[CFG] left nor right host is our side, assuming left=local
12[CFG] added configuration 'passthrough-rw'
14[CFG] received stroke: route 'passthrough-rw'
16[CFG] received stroke: add connection 'xelerance-sdeziel'
16[CFG] added configuration 'xelerance-sdeziel'
00[DMN] signal of type SIGINT received. Shutting down
charon stopped after 200 ms
charon stopped after 200 ms
ipsec starter stopped
ipsec starter stopped
# confirm ipsec is still functioning otherwise
sudo ipsec status
Shunted Connections:
passthrough-rw: 172.24.27.0/24 192.168.29.6/32 === 172.24.27.0/24 192.168.29.6/32 PASS
Security Associations (0 up, 0 connecting):
none
# ask systemd to stop it (unsuccessfully)
sudo service strongswan stop
# confirm ipsec is still functioning otherwise
sudo ipsec status
Shunted Connections:
passthrough-rw: 172.24.27.0/24 192.168.29.6/32 === 172.24.27.0/24 192.168.29.6/32 PASS
Security Associations (0 up, 0 connecting):
none
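
A check for the drift shown above, added here as an example (it is not part of the original report): it compares what systemd reports for the unit with the cgroup of the running charon process. Assumptions: the unit is named strongswan.service, the daemon's process name is charon, and a daemon started by "ipsec restart" from a shell lands outside the unit's cgroup; the two sample cgroup strings are constructed.

```shell
#!/bin/sh
# Added example: detect a charon daemon that systemd no longer tracks.
UNIT="strongswan.service"   # assumption: unit behind "service strongswan"

# Constructed sample inputs (contents of /proc/<pid>/cgroup).
TRACKED_CG="0::/system.slice/strongswan.service"
ORPHAN_CG="0::/user.slice/user-1000.slice/session-3.scope"

# Pure decision function.
#   $1 = output of `systemctl is-active $UNIT`
#   $2 = contents of /proc/<charon pid>/cgroup, empty if charon is not running
verdict() {
    state=$1
    cgroup=$2
    if [ -z "$cgroup" ]; then
        # No daemon at all: either cleanly stopped or the unit is stale.
        if [ "$state" = "active" ]; then
            echo "unit-active-no-daemon"
        else
            echo "stopped"
        fi
        return 0
    fi
    case $cgroup in
        *"/$UNIT"*) echo "tracked" ;;    # daemon lives in the unit's cgroup
        *)          echo "untracked" ;;  # daemon runs outside systemd's view
    esac
}

# Gather the two inputs from the running system and classify them.
check_live() {
    state=$(systemctl is-active "$UNIT" 2>/dev/null || true)
    pid=$(pgrep -x charon | head -n 1)
    cg=""
    if [ -n "$pid" ]; then
        cg=$(cat "/proc/$pid/cgroup" 2>/dev/null || true)
    fi
    verdict "$state" "$cg"
}

# Run against the live host only when asked to: ./check.sh --live
if [ "${1:-}" = "--live" ]; then
    check_live
fi
```

A result of "untracked" is the state shown above, where "service strongswan stop" has no effect on the running daemon.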