It was SELinux somehow. Putting VMs in permissive solved it.

Sent from mobile device

> On Jun 16, 2019, at 23:43, Paul Wouters <p...@nohats.ca> wrote:
>
> [root@west linux-audit-01]# certutil -d sql:/etc/ipsec.d -K
> certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
> < 0> rsa b49f1aac9e456e7929c881973a0c6ad37f0f0350 (orphan)
> [root@west linux-audit-01]# echo '@psk-west-v2 @psk-east-v2: PSK "ThisIsHereToMisMatch"' >> /etc/ipsec.secrets
> [root@west linux-audit-01]# echo ': PSK "test"' >> /etc/ipsec.secrets
> [root@west linux-audit-01]# ipsec start
> Redirecting to: systemctl start ipsec.service
> [root@west linux-audit-01]# /testing/pluto/bin/wait-until-pluto-started
> [root@west linux-audit-01]# certutil -d sql:/etc/ipsec.d -K
> certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
> certutil: no keys found
>
> I'm confused what is killing these. It does not seem to be ipsec checknss
> which is called in the service file.
>
> Anyone else seeing this?
>
> I don't see any changes in the ipsec.service and the keys are there
> after swan-prep finished. Once pluto is started, they are gone?
>
> Paul
> _______________________________________________
> Swan-dev mailing list
> Swan-dev@lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-dev