On Tue, 15 May 2018 10:43:31 +0000 "Veetil, Vyshnav" <[email protected]> wrote:
> Hi,
> We are getting problem with ipsec connection in Centos7.4
> Libreswan is unable to read the nssdir
> path /usr/local/platform/.security/ipsec instead always trying to
> only read /etc/ipsec.d Also, want to mention that /etc/ipsec.conf
> already has ipsecdir=/usr/local/platform/.security/ipsec which was
> working earlier with CentOS 7.3. In CentOS 7.3
> libreswan-3.15-8.el7.x86_64 is used. In CentOS 7.4
> libreswan-3.20-3.el7.x86_64 is used.
>
> What has been changed in libreswan-3.20-3.el7.x86_64 packages?
>
> For overcoming the pluto related issue, I have done some changes in
> configuration file. I have removed the --stderrlog=directory
> in /etc/ipsec.conf And also replaced auth=esp and esp=aes128-sha1
> with phase2alg=aes128-sha1 in /etc/ipsec.d/conf/71221031513.conf
> file. And manually started ipsec service.
>
> Please find the attachment for the ipsec status and ipsec verify.
>
> What is difference between nssdir and ipsecdir if we are using
> in /etc/ipsec.conf file Is this ipsecdir has been replaced in new
> libreswan?

ipsecdir is /etc/ipsec.d

nssdir is by default /etc/ipsec.d but it can be pointed to different
location for nss db like you have done.

Note: nsspassword file should be in ipsecdir, only nss databases are in
nssdir.

-- 
Tuomo Soini <[email protected]>
Foobar Linux services
+358 40 5240030
Foobar Oy <https://foobar.fi/>
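The layout described in the reply above, as an added example that is not part of the original thread and not libreswan's own code: a shell check that reads `ipsecdir` and `nssdir` from an ipsec.conf and reports a missing NSS database or an `nsspassword` file left only in `nssdir`. The function names and demo paths are made up for the example, and the parser is a simplification that ignores sections and quoting.

```shell
#!/bin/sh
# Added example (assumption-labelled, not libreswan code).

# Print the value of KEY from ipsec.conf-style FILE, or DEFAULT if unset.
# Simplification: last match wins, sections and quoted values are ignored.
get_opt() {  # usage: get_opt FILE KEY DEFAULT
    val=$(sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# Check the layout from the reply; the return code is the number of problems.
check_layout() {  # usage: check_layout IPSEC_CONF
    ipsecdir=$(get_opt "$1" ipsecdir /etc/ipsec.d)
    nssdir=$(get_opt "$1" nssdir /etc/ipsec.d)
    problems=0
    # NSS certificate database: cert8.db (legacy dbm) or cert9.db (sql format).
    if [ ! -f "$nssdir/cert8.db" ] && [ ! -f "$nssdir/cert9.db" ]; then
        echo "no NSS certificate database in nssdir=$nssdir"
        problems=$((problems + 1))
    fi
    # Per the reply, nsspassword belongs in ipsecdir; only the databases
    # live in nssdir, so a copy found only in nssdir is misplaced.
    if [ "$nssdir" != "$ipsecdir" ] && [ -f "$nssdir/nsspassword" ] \
        && [ ! -f "$ipsecdir/nsspassword" ]; then
        echo "nsspassword is in nssdir=$nssdir but belongs in ipsecdir=$ipsecdir"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed demo tree: databases and nsspassword both placed in nssdir.
demo=$(mktemp -d)
mkdir -p "$demo/ipsec.d" "$demo/nss"
printf 'config setup\n\tipsecdir=%s/ipsec.d\n\tnssdir=%s/nss\n' "$demo" "$demo" > "$demo/ipsec.conf"
touch "$demo/nss/cert8.db" "$demo/nss/key3.db" "$demo/nss/nsspassword"
check_layout "$demo/ipsec.conf" || echo "problems found: $?"
rm -rf "$demo"
```

On a real host, run `check_layout /etc/ipsec.conf` after an upgrade that changes how these two directories are resolved.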
