diff --git a/net/strongswan/Makefile b/net/strongswan/Makefile
index aff11fdef..1c5217566 100644
--- a/net/strongswan/Makefile
+++ b/net/strongswan/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=strongswan
 PKG_VERSION:=5.6.1
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_HASH:=e0c282d8ad418609c5dfb5e8efa01b28b95ef3678070ed47bf2a229f55f4ab53
diff --git a/net/strongswan/files/ipsec.init b/net/strongswan/files/ipsec.init
index 311679d69..07ccffd2e 100644
--- a/net/strongswan/files/ipsec.init
+++ b/net/strongswan/files/ipsec.init
@@ -7,6 +7,7 @@ USE_PROCD=1
 PROG=/usr/lib/ipsec/starter
 . $IPKG_INSTROOT/lib/functions.sh
+. $IPKG_INSTROOT/lib/functions/network.sh
 IPSEC_SECRETS_FILE=/etc/ipsec.secrets
 IPSEC_CONN_FILE=/etc/ipsec.conf
@@ -16,6 +17,8 @@ IPSEC_VAR_SECRETS_FILE=/var/ipsec/ipsec.secrets
 IPSEC_VAR_CONN_FILE=/var/ipsec/ipsec.conf
 STRONGSWAN_VAR_CONF_FILE=/var/ipsec/strongswan.conf
+WAIT_FOR_INTF=0
+
 file_reset() {
 : > "$1"
 }
@@ -290,11 +293,23 @@ config_ipsec() {
 [ -n "$routing_table_id" ] && append routing_tables_ignored "$routing_table_id"
 done
+ local interface_list=$(config_get "$1" "interface")
+ if [ -z "$interface_list" ]; then
+ WAIT_FOR_INTF=0
+ else
+ for interface in $interface_list; do
+ network_get_device device $interface
+ [ -n "$device" ] && append device_list "$device" ","
+ done
+ [ -n "$device_list" ] && WAIT_FOR_INTF=0 || WAIT_FOR_INTF=1
+ fi
+
 swan_xappend "# generated by /etc/init.d/ipsec"
 swan_xappend "charon {"
 swan_xappend " load_modular = yes"
 swan_xappend " install_routes = $install_routes"
 [ -n "$routing_tables_ignored" ] && swan_xappend " ignore_routing_tables = $routing_tables_ignored"
+ [ -n "$device_list" ] && swan_xappend " interfaces_use = $device_list"
 swan_xappend " plugins {"
 swan_xappend " include /etc/strongswan.d/charon/*.conf"
 swan_xappend " }"
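Review bot: In the loop added to config_ipsec, `interface`, `device` and `device_list` are not declared `local` anywhere in the hunk, and both `$interface` and the command substitution assigned to `interface_list` are unquoted. The function starts outside the hunk, so they may be declared earlier; if they are not, `device_list` persists across calls and `device` may keep its previous value when a lookup does not set it, which could put a stale or duplicate device name into `interfaces_use`. I would add `local interface device device_list` before the loop, write the assignment as `local interface_list="$(config_get "$1" "interface")"`, and call `network_get_device device "$interface"`. A one-line comment above the `WAIT_FOR_INTF=0 || WAIT_FOR_INTF=1` test would also help, since charon is started as soon as one listed interface resolves and is then restricted to that subset.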
@@ -318,23 +333,42 @@ prepare_env() {
 config_foreach config_remote remote
 }
+service_running() {
+ ipsec status > /dev/null 2>&1
+}
+
 reload_service() {
- prepare_env
- if ipsec status > /dev/null 2>&1; then
- ipsec rereadall
- ipsec reload
- else
- ipsec start
- fi
+ running && {
+ prepare_env
+ [ $WAIT_FOR_INTF -eq 0 ] && {
+ ipsec rereadall
+ ipsec reload
+ return
+ }
+ }
+
+ start
+}
+
+check_ipsec_interface() {
+ local intf
+
+ for intf in $(config_get "$1" interface); do
+ procd_add_interface_trigger "interface.*" "$intf" /etc/init.d/ipsec reload
+ done
 }
 service_triggers() {
 procd_add_reload_trigger "ipsec"
+ config load "ipsec"
+ config_foreach check_ipsec_interface ipsec
 }
 start_service() {
 prepare_env
+ [ $WAIT_FOR_INTF -eq 1 ] && return
+
 procd_open_instance
 procd_set_param command $PROG --daemon charon --nofork
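Review bot: In service_triggers the added `config load "ipsec"` looks like a typo for `config_load "ipsec"`; as written it does not call the UCI loader. The following `config_foreach check_ipsec_interface ipsec` would then see the ipsec sections only if the config was already loaded earlier in the same shell, so the per-interface reload triggers may never be registered. Together with the new early `return` in start_service when WAIT_FOR_INTF is 1, that would leave the tunnel down after the interface comes up, with nothing to retry the start. I would change the line to `config_load "ipsec"` and quote the variable in both tests, e.g. `[ "$WAIT_FOR_INTF" -eq 1 ] && return`. start_service continues past the end of the hunk.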