Hi,

Can you please explain the procedure for creating the nssdb in any custom location in CentOS 7.4? Also please find the attachment for the ipsec.conf which I am using in my setup.

I am using libreswan version libreswan-3.20-3.el7.x86_64. Below is the procedure which I was following to create nssdb.

1. For creating nssdb in the custom location, we are using the command: certutil -N -d <custom location> -f <custom location>/nsspassword
2. For pointing libreswan to read nssdb in the custom location, we are using: ipsecdir=<custom location>. Please find attached the content of ipsec.conf.
3. For restarting pluto, after creating nssdb in the custom location, we are using the command: ipsec setup restart

Also, please find the below mail for a better understanding of my query. I got this reply from the libreswan developer community.

Thanks and Regards,
Vyshnav

----------------------------------------------------------------------

Message: 5
Date: Wed, 16 May 2018 09:56:57 +0300
From: Tuomo Soini <[email protected]>
To: [email protected]
Subject: Re: [Swan-dev] [EXTERNAL] Re: nssdb is pointing to /etc/ipsec.d but it needs to point to the /usr/local/platform/.security/ipsec path provided in /etc/ipsec.conf
Message-ID: <[email protected]>
Content-Type: text/plain; charset=US-ASCII

On Wed, 16 May 2018 05:49:10 +0000 "Veetil, Vyshnav" <[email protected]> wrote:

> Hi Paul,
> Please find the details as below:
>
> 1. For creating nssdb in the custom location, we are using the command: certutil -N -d <custom location> -f <custom location>/nsspassword
> 2. For pointing libreswan to read nssdb in the custom location, we are using: ipsecdir=<custom location>. Please find attached the content of ipsec.conf.
> 3. For restarting pluto, after creating nssdb in the custom location, we are using the command: ipsec setup restart
>
> Also please find the attachment for the ipsec.conf

That will not work with 3.20 any more.

nsspassword is searched from ipsecdir - because that is a config file for pluto, not nss.

Certificate databases are searched from nssdir.

So if you want to have both of those files in a custom location, you should have both ipsecdir and nssdir pointing to the same location.

ps. I'd like to point out that this discussion is off topic in swan-dev. Please use the [email protected] list next time when you have questions about configuring libreswan. This list is dedicated to discussion of development of libreswan.

--
Tuomo Soini <[email protected]>
Foobar Linux services
+358 40 5240030
Foobar Oy <https://foobar.fi/>

End of Swan-dev Digest, Vol 64, Issue 11
ipsec.conf
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
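Added example (not part of the thread and not libreswan's own code): a shell check that reads the "config setup" section of an ipsec.conf and verifies the layout described in the reply above, with nsspassword under ipsecdir and the NSS database under nssdir. The function names, the DEFAULT_DIR variable, the /etc/ipsec.d default (taken from the thread's subject line) and a password-protected database are assumptions.

```shell
#!/bin/sh
# Added example. Usage: check_nss_layout /etc/ipsec.conf
# Assumption: default directory taken from the thread's subject line.
DEFAULT_DIR=${DEFAULT_DIR:-/etc/ipsec.d}

# Print the value of key $2 from the "config setup" section of file $1,
# or the default $3 when the key is not set there.
setup_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        /^[^ \t]/ {                        # unindented line starts a section
            in_setup = ($1 == "config" && $2 == "setup"); next
        }
        in_setup {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]+#.*$/, "", line)    # drop trailing comment
            eq = index(line, "=")
            if (eq == 0) next
            k = substr(line, 1, eq - 1); sub(/[ \t]+$/, "", k)
            if (k != key) next
            val = substr(line, eq + 1)
            gsub(/^[ \t"]+|[ \t"]+$/, "", val)
            found = val
        }
        END { print (found != "" ? found : def) }
    ' "$1"
}

# Return 0 when both files are where pluto will search for them.
check_nss_layout() {
    conf=$1
    ipsecdir=$(setup_value "$conf" ipsecdir "$DEFAULT_DIR")
    nssdir=$(setup_value "$conf" nssdir "$DEFAULT_DIR")
    rc=0
    # nsspassword is a pluto config file, so it is searched under ipsecdir.
    if [ ! -f "$ipsecdir/nsspassword" ]; then
        echo "missing $ipsecdir/nsspassword (ipsecdir)"; rc=1
    fi
    # The certificate database (SQLite or legacy DBM file name) is
    # searched under nssdir, not ipsecdir.
    if [ ! -f "$nssdir/cert9.db" ] && [ ! -f "$nssdir/cert8.db" ]; then
        echo "no NSS certificate database in $nssdir (nssdir)"; rc=1
    fi
    return $rc
}
```

A configuration that sets only ipsecdir fails the second check unless a database also exists in the default directory, which is the situation the original question describes.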
