Upgrading IPsec

Note: Pivotal Platform is now part of VMware Tanzu. In v1.9 and later, Pivotal IPsec is named IPsec for VMware Tanzu.

Page last updated:

This topic describes how to upgrade IPsec for VMware Tanzu.

For product versions and upgrade paths, see Upgrade Planner.

Assumption about Ops Manager Versions

This topic assumes the following about your Ops Manager, BOSH CLI, and runtime config.

Ops Manager Version BOSH CLI Version Runtime Config More information
1.12 and later CLI v2+ runtime config in multiple, named files, so that ipseccan be managed separately

Breaking Change: If you are using v1.12 or later, you must use named runtime configs. If you have not already split your runtime config into multiple named files, do so before upgrading IPsec for VMware Tanzu. For general information about named runtime config files, see Configs.

Upgrade IPsec

To upgrade IPsec to a later version, do the following:

  1. Download the IPsec software binary from the VMware Tanzu Network to your local machine.

  2. To copy the software binary to your Ops Manager VM, run the following command:

    scp -i PATH-TO-PRIVATE-KEY ipsec-VERSION.tar.gz ubuntu@YOUR-OPS-MANAGER-VM-IP:

    For example:

    $ cp -i ~/.ssh/my-key.pem ~/Downloads/ipsec-1.8.14.tgz ubuntu@ 
  3. SSH into the Ops Manager VM. For how to do this, see SSH into Ops Manager.

  4. Retrieve the latest runtime config by running the following command:

    bosh -e BOSH-ENVIRONMENT runtime-config  --name ipsec > PATH-TO-SAVE-THE-RUNTIME-CONFIG

    For example:

    bosh -e my-env runtime-config  --name ipsec > /tmp/ipsec.yml
  5. Upload the latest IPsec release:


    For example:

    bosh -e my-env upload-release ~/ipsec-1.8.14.tgz
  6. Edit the ipsec runtime config to set the new release version.

    For example, edit the version in /tmp/ipsec.yml as follows:

     - {name: ipsec, version: 1.8.14} 

  7. Update the runtime config:

    bosh -e BOSH-ENVIRONMENT update-runtime-config --name=ipsec PATH-TO-SAVE-THE-RUNTIME-CONFIG

    For example:

    bosh -e my-env update-runtime-config --name=ipsec /tmp/ipsec.yml 
  8. Navigate to your Installation Dashboard in Ops Manager.

  9. If you are using Ops Manager v2.3 or later, click Review Pending Changes. For more information about this Ops Manager page, see Reviewing Pending Product Changes.

  10. Click Apply Changes.