Currently the ovs-monitor-ipsec script uses the old NSSDB path (/etc/ipsec.d) to store the connections' keys and certificates and initiates these connections using the ipsec command, which in turn uses the NSSDB that is located in the new location (see: https://github.com/libreswan/libreswan/issues/391), and that causes connection issues.
This patch changes the default NSSDB path in ovs-monitor-ipsec to match the LibreSwan NSSDB default path. Signed-off-by: Mohammad Heib <[email protected]> --- ipsec/ovs-monitor-ipsec.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in index a8b0705d9..78d390802 100755 --- a/ipsec/ovs-monitor-ipsec.in +++ b/ipsec/ovs-monitor-ipsec.in @@ -447,7 +447,7 @@ conn prevent_unencrypted_vxlan def __init__(self, libreswan_root_prefix, args): ipsec_conf = args.ipsec_conf if args.ipsec_conf else "/etc/ipsec.conf" - ipsec_d = args.ipsec_d if args.ipsec_d else "/etc/ipsec.d" + ipsec_d = args.ipsec_d if args.ipsec_d else "/var/lib/ipsec/nss" ipsec_secrets = (args.ipsec_secrets if args.ipsec_secrets else "/etc/ipsec.secrets") ipsec_ctl = (args.ipsec_ctl if args.ipsec_ctl -- 2.34.1 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
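Review bot: the replacement default on the `ipsec_d = args.ipsec_d if args.ipsec_d else "/var/lib/ipsec/nss"` line is hard-coded, so a host whose Libreswan still keeps its NSS database in /etc/ipsec.d gets the same mismatch the commit message describes, only in the other direction, unless args.ipsec_d is set explicitly. Consider choosing the default by checking which of the two directories actually holds an NSS database, or at least stating in the commit message which Libreswan builds use the new location. Keys and certificates that the script already stored under /etc/ipsec.d are also no longer found after this change, and the patch touches only this one line, so any help text or documentation that describes the old default for this option should be updated in the same series and the upgrade behaviour noted.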
