diff --git a/patches/00XX-better-tcp_md5-handling.patch b/patches/00XX-better-tcp_md5-handling.patch index e7e535f..3aca4f3 100644 --- a/patches/00XX-better-tcp_md5-handling.patch +++ b/patches/00XX-better-tcp_md5-handling.patch @@ -4,7 +4,7 @@ RCS file: /cvs/src/usr.sbin/bgpd/bgpd.c,v retrieving revision 1.215 diff -u -p -r1.215 bgpd.c --- src/usr.sbin/bgpd/bgpd.c 31 Mar 2019 16:57:38 -0000 1.215 -+++ src/usr.sbin/bgpd/bgpd.c 11 Apr 2019 14:41:57 -0000 ++++ src/usr.sbin/bgpd/bgpd.c 15 Apr 2019 08:49:59 -0000 @@ -91,7 +91,8 @@ usage(void) #define PFD_PIPE_SESSION 0 #define PFD_PIPE_ROUTE 1 @@ -144,7 +144,7 @@ RCS file: /cvs/src/usr.sbin/bgpd/bgpd.h,v retrieving revision 1.378 diff -u -p -r1.378 bgpd.h --- src/usr.sbin/bgpd/bgpd.h 31 Mar 2019 16:57:38 -0000 1.378 -+++ src/usr.sbin/bgpd/bgpd.h 11 Apr 2019 14:41:57 -0000 ++++ src/usr.sbin/bgpd/bgpd.h 15 Apr 2019 08:49:59 -0000 @@ -492,6 +492,7 @@ enum imsg_type { IMSG_SESSION_STALE, IMSG_SESSION_FLUSH, @@ -159,7 +159,7 @@ RCS file: /cvs/src/usr.sbin/bgpd/pfkey.c,v retrieving revision 1.54 diff -u -p -r1.54 pfkey.c --- src/usr.sbin/bgpd/pfkey.c 20 Feb 2019 16:29:01 -0000 1.54 -+++ src/usr.sbin/bgpd/pfkey.c 11 Apr 2019 14:41:57 -0000 ++++ src/usr.sbin/bgpd/pfkey.c 15 Apr 2019 08:49:59 -0000 @@ -22,6 +22,8 @@ #include #include @@ -186,15 +186,7 @@ diff -u -p -r1.54 pfkey.c int pfkey_reply(int, u_int32_t *); int pfkey_send(int, uint8_t, uint8_t, uint8_t, -@@ -412,6 +416,7 @@ pfkey_read(int sd, struct sadb_msg *h) - { - struct sadb_msg hdr; - -+log_debug("%s: fd %d", __func__, pfkey_fd); - if (recv(sd, &hdr, sizeof(hdr), MSG_PEEK) != sizeof(hdr)) { - if (errno == EAGAIN || errno == EINTR) - return (0); -@@ -502,15 +507,15 @@ int +@@ -502,15 +506,15 @@ int pfkey_sa_add(struct bgpd_addr *src, struct bgpd_addr *dst, u_int8_t keylen, char *key, u_int32_t *spi) { 
@@ -214,7 +206,7 @@ diff -u -p -r1.54 pfkey.c return (-1); return (0); } -@@ -518,10 +523,10 @@ pfkey_sa_add(struct bgpd_addr *src, stru +@@ -518,10 +522,10 @@ pfkey_sa_add(struct bgpd_addr *src, stru int pfkey_sa_remove(struct bgpd_addr *src, struct bgpd_addr *dst, u_int32_t *spi) { @@ -227,7 +219,7 @@ diff -u -p -r1.54 pfkey.c return (-1); *spi = 0; return (0); -@@ -579,7 +584,7 @@ pfkey_ipsec_establish(struct peer *p) +@@ -579,7 +583,7 @@ pfkey_ipsec_establish(struct peer *p) case AUTH_IPSEC_MANUAL_AH: satype = p->auth.method == AUTH_IPSEC_MANUAL_ESP ? SADB_SATYPE_ESP : SADB_SATYPE_AH; @@ -236,7 +228,7 @@ diff -u -p -r1.54 pfkey.c &p->auth.local_addr, &p->conf.remote_addr, p->auth.spi_out, p->conf.auth.auth_alg_out, -@@ -590,9 +595,9 @@ pfkey_ipsec_establish(struct peer *p) +@@ -590,9 +594,9 @@ pfkey_ipsec_establish(struct peer *p) p->conf.auth.enc_key_out, 0, 0) < 0) return (-1); @@ -248,7 +240,7 @@ diff -u -p -r1.54 pfkey.c &p->conf.remote_addr, &p->auth.local_addr, p->auth.spi_in, p->conf.auth.auth_alg_in, -@@ -603,7 +608,7 @@ pfkey_ipsec_establish(struct peer *p) +@@ -603,7 +607,7 @@ pfkey_ipsec_establish(struct peer *p) p->conf.auth.enc_key_in, 0, 0) < 0) return (-1); @@ -257,7 +249,7 @@ diff -u -p -r1.54 pfkey.c return (-1); break; default: -@@ -611,28 +616,28 @@ pfkey_ipsec_establish(struct peer *p) +@@ -611,28 +615,28 @@ pfkey_ipsec_establish(struct peer *p) break; } @@ -294,7 +286,7 @@ diff -u -p -r1.54 pfkey.c return (-1); p->auth.established = 1; -@@ -655,20 +660,20 @@ pfkey_ipsec_remove(struct peer *p) +@@ -655,20 +659,20 @@ pfkey_ipsec_remove(struct peer *p) case AUTH_IPSEC_MANUAL_AH: satype = p->auth.method == AUTH_IPSEC_MANUAL_ESP ? SADB_SATYPE_ESP : SADB_SATYPE_AH; @@ -319,7 +311,7 @@ diff -u -p -r1.54 pfkey.c return (-1); break; default: -@@ -676,28 +681,28 @@ pfkey_ipsec_remove(struct peer *p) +@@ -676,28 +680,28 @@ pfkey_ipsec_remove(struct peer *p) break; } 
@@ -356,7 +348,7 @@ diff -u -p -r1.54 pfkey.c return (-1); p->auth.established = 0; -@@ -740,16 +745,78 @@ pfkey_remove(struct peer *p) +@@ -740,16 +744,78 @@ pfkey_remove(struct peer *p) } int @@ -445,7 +437,7 @@ RCS file: /cvs/src/usr.sbin/bgpd/session.c,v retrieving revision 1.378 diff -u -p -r1.378 session.c --- src/usr.sbin/bgpd/session.c 7 Apr 2019 10:52:30 -0000 1.378 -+++ src/usr.sbin/bgpd/session.c 11 Apr 2019 14:41:57 -0000 ++++ src/usr.sbin/bgpd/session.c 15 Apr 2019 08:49:59 -0000 @@ -52,8 +52,7 @@ #define PFD_PIPE_ROUTE_CTL 2 #define PFD_SOCK_CTL 3 @@ -545,7 +537,25 @@ diff -u -p -r1.378 session.c peer->stats.last_sent_errcode = 0; peer->stats.last_sent_suberr = 0; -@@ -986,7 +958,6 @@ void +@@ -909,6 +881,8 @@ change_state(struct peer *peer, enum ses + free(peer->rbuf); + peer->rbuf = NULL; + bzero(&peer->capa.peer, sizeof(peer->capa.peer)); ++ imsg_compose(ibuf_main, IMSG_PFKEY_RELOAD, peer->conf.id, ++ 0, -1, NULL, 0); + + if (event != EVNT_STOP) { + timer_set(peer, Timer_IdleHold, peer->IdleHoldTime); +@@ -953,6 +927,8 @@ change_state(struct peer *peer, enum ses + } + break; + case STATE_ACTIVE: ++ imsg_compose(ibuf_main, IMSG_PFKEY_RELOAD, peer->conf.id, ++ 0, -1, NULL, 0); + break; + case STATE_OPENSENT: + break; +@@ -986,7 +962,6 @@ void session_accept(int listenfd) { int connfd; @@ -553,7 +563,7 @@ diff -u -p -r1.378 session.c socklen_t len; struct sockaddr_storage cliaddr; struct peer *p = NULL; -@@ -1032,23 +1003,9 @@ open: +@@ -1032,23 +1007,9 @@ open: return; } @@ -580,7 +590,7 @@ diff -u -p -r1.378 session.c } p->fd = p->wbuf.fd = connfd; if (session_setup_socket(p)) { -@@ -1072,7 +1029,6 @@ open: +@@ -1072,7 +1033,6 @@ open: int session_connect(struct peer *peer) { @@ -588,7 +598,7 @@ diff -u -p -r1.378 session.c struct sockaddr *sa; socklen_t sa_len; -@@ -1098,20 +1054,7 @@ session_connect(struct peer *peer) +@@ -1098,20 +1058,7 @@ session_connect(struct peer *peer) return (-1); } 
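Review bot: Both `imsg_compose(ibuf_main, IMSG_PFKEY_RELOAD, peer->conf.id, 0, -1, NULL, 0);` calls added to change_state() discard the return value: the one after the `bzero` of `peer->capa.peer` and the one under `case STATE_ACTIVE:`. The call added to merge_peers() in the later session.c hunk does the same. If the message cannot be queued, the parent is never asked to reload this peer's pfkey state (the TCP MD5 SA this patch is about) and nothing is logged, so the next connection attempt may run against stale key material with no trace of why. The `imsg_rde(...) == -1` test visible in merge_peers() shows the file checks such results elsewhere; I would do the same here, e.g. `if (imsg_compose(ibuf_main, IMSG_PFKEY_RELOAD, peer->conf.id, 0, -1, NULL, 0) == -1) log_warn("%s: IMSG_PFKEY_RELOAD", __func__);`. change_state() starts and ends outside the hunk, so whether a harder failure is appropriate there needs the full function.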
@@ -610,13 +620,32 @@ diff -u -p -r1.378 session.c peer->wbuf.fd = peer->fd; /* if update source is set we need to bind() */ +@@ -3237,6 +3184,11 @@ merge_peers(struct bgpd_config *c, struc + if (p->demoted && !p->conf.demote_group[0]) + session_demote(p, -1); + ++ /* if session is not open then refresh pfkey data */ ++ if (p->state < STATE_OPENSENT) ++ imsg_compose(ibuf_main, IMSG_PFKEY_RELOAD, ++ p->conf.id, 0, -1, NULL, 0); ++ + /* sync the RDE in case we keep the peer */ + if (imsg_rde(IMSG_SESSION_ADD, p->conf.id, + &p->conf, sizeof(struct peer_config)) == -1) +@@ -3257,5 +3209,6 @@ merge_peers(struct bgpd_config *c, struc + } + } + ++ /* pfkeys of new peers already loaded by the parent process */ + TAILQ_CONCAT(&c->peers, &nc->peers, entry); + } Index: src/usr.sbin/bgpd/session.h =================================================================== RCS file: /cvs/src/usr.sbin/bgpd/session.h,v retrieving revision 1.136 diff -u -p -r1.136 session.h --- src/usr.sbin/bgpd/session.h 7 Apr 2019 10:52:30 -0000 1.136 -+++ src/usr.sbin/bgpd/session.h 11 Apr 2019 14:41:57 -0000 ++++ src/usr.sbin/bgpd/session.h 15 Apr 2019 08:49:59 -0000 @@ -282,7 +282,10 @@ struct bgpd_config *parse_config(char *, int pfkey_read(int, struct sadb_msg *); int pfkey_establish(struct peer *);
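Review bot: The new guard `if (p->state < STATE_OPENSENT)` in merge_peers() relies on the declaration order of the session-state enum, which is not visible in this hunk, and its comment does not say what happens to sessions that are already open. As written, a peer in OPENSENT or later gets no IMSG_PFKEY_RELOAD on config reload, so a changed TCP MD5 key presumably only takes effect once change_state() next sends the reload on the way to idle or active. I would spell that out in the comment, e.g. `/* open sessions keep their current SA; change_state() requests the reload once they drop to IDLE/ACTIVE */`, so an operator rotating a key knows a session reset is needed. The second added comment (`pfkeys of new peers already loaded by the parent process`) states an ordering assumption between the parent and the session engine that is worth backing with the name of the parent-side function; merge_peers() starts outside the hunk.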