Thanks Doug! I'll open a ticket with the gentoo devs!

On Fri, Oct 23, 2020 at 5:04 AM Douglas Kosovic <[email protected]> wrote:

> Hi Brian,
>
> With Libreswan >= 4.0, the default NSS database files (*.db) have moved
> from /etc/ipsec.d to /var/lib/ipsec/nss
>
> Try the following Libreswan command to see if you get an error:
>
> $ sudo ipsec initnss
>
> ERROR: destination directory "/var/lib/ipsec/nss" is missing or permission denied
>
> pkg_postinst() in the gentoo ebuild is still using /etc/ipsec.d for the
> NSS database files:
>
> https://gitweb.gentoo.org/repo/gentoo.git/tree/net-vpn/libreswan/libreswan-4.1.ebuild
>
> you could fix the aforementioned pkg_postinst(), or issue the following
> as a workaround:
>
> sudo mkdir -p /var/lib/ipsec/nss
>
> sudo chmod 700 /var/lib/ipsec/nss
>
> then try sudo ipsec initnss again.
>
> If you are using SELinux or AppArmor, a new rule might be required for
> /var/lib/ipsec/nss
>
> Cheers,
>
> Doug
>
> *From:* Swan <[email protected]> *On Behalf Of* Brian McKee
> *Sent:* Friday, 23 October 2020 6:06 PM
> *To:* [email protected]
> *Subject:* [Swan] Issue with networkmanager and l2tp
>
> Hello everyone,
>
> I'm a Gentoo linux user. My work uses a linux based VPN server (Centos 7)
> that is probably pretty out of date. It uses l2tp protocol.
>
> My Gentoo box is running Networkmanager 1.26.0 and until a recent update I
> was running libreswan-3.32-r1 which contains a patch to fix an NSS version
> issue. libreswan-3.32 without the patch fails to connect to my work because
> of the NSS issue.
>
> Networkmanager requires libreswan for l2tp protocol connections.
>
> In the latest update of my machine libreswan 4.1 installed and I could no
> longer connect to work. There were absolutely no useful messages from
> Networkmanager. This is what I got in /var/log/messages:
>
> Oct 22 21:30:16 threads NetworkManager[4579]: <info> [1603427416.4884] audit: op="connection-activate" uuid="9a088450-2a7b-4012-befe-facf564c77e0" name="wtec-SJ" pid=5647 uid=1000 result="success"
> Oct 22 21:30:16 threads NetworkManager[4579]: <info> [1603427416.4920] vpn-connection[0x56488972c2b0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Started the VPN service, PID 10712
> Oct 22 21:30:16 threads NetworkManager[4579]: <info> [1603427416.4984] vpn-connection[0x56488972c2b0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Saw the service appear; activating connection
> Oct 22 21:30:17 threads NetworkManager[4579]: <info> [1603427417.1234] audit: op="statistics" arg="refresh-rate-ms" pid=5647 uid=1000 result="success"
> Oct 22 21:30:27 threads NetworkManager[4579]: <info> [1603427427.7335] vpn-connection[0x56488972c2b0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN plugin: state changed: stopped (6)
> Oct 22 21:30:27 threads NetworkManager[4579]: <info> [1603427427.7361] vpn-connection[0x56488972c2b0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN service disappeared
> Oct 22 21:30:27 threads NetworkManager[4579]: <warn> [1603427427.7372] vpn-connection[0x56488972c2b0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
>
> I figure I have a configuration issue, except that it works fine with the
> old version of libreswan.
>
> I'm hoping you guys have some idea what I'm talking about. I can email you
> any information on my machine and I can probably get the configuration for
> the (openvpn, I think) VPN server.
>
> I know that me using the old version of libreswan is eventually going to
> become a problem so I'd like to proactively figure out what's wrong and fix
> my system so my work flow isn't interrupted.
>
> I don't hand edit the config files, I let KDE configure network manager,
> so I figure there is something I need to change in that configuration.
>
> Anyway, thanks for reading and thanks in advance for any help you can
> offer.
> _______________________________________________
> Swan mailing list
> [email protected]
> https://lists.libreswan.org/mailman/listinfo/swan

--
Consciousness moves everything.
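The directory check discussed in the thread, as an added example that is not part of the original messages or of Libreswan: it reports whether the post-4.0 NSS directory exists, has the 700 mode from the workaround, and holds any *.db files, and flags databases left in the pre-4.0 location. Function names are hypothetical, and treating any mode other than 700 as a problem is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical;
# the two paths and the 700 mode are the ones quoted in the reply above.
NEW_NSS_DIR=/var/lib/ipsec/nss   # Libreswan >= 4.0 default
OLD_NSS_DIR=/etc/ipsec.d         # pre-4.0 default

# Succeeds if DIR contains at least one NSS database file (*.db).
has_nss_db() {
    for f in "$1"/*.db; do
        if [ -f "$f" ]; then return 0; fi
    done
    return 1
}

# Prints one of: missing | bad-mode:<octal> | empty | ok
nss_dir_status() {
    dir=$1
    if [ ! -d "$dir" ]; then echo missing; return 0; fi
    mode=$(stat -c %a "$dir")            # GNU stat, octal permission bits
    if [ "$mode" != 700 ]; then echo "bad-mode:$mode"; return 0; fi
    if has_nss_db "$dir"; then echo ok; else echo empty; fi
}

# Reports the new location and flags databases left in the old one.
nss_report() {
    st=$(nss_dir_status "$1")
    echo "$1: $st"
    if [ "$st" != ok ] && has_nss_db "$2"; then
        echo "$2: still holds *.db files (pre-4.0 location)"
    fi
    return 0
}

nss_report "$NEW_NSS_DIR" "$OLD_NSS_DIR"
```

Run it as root, since a root-owned 700 directory cannot be listed by other users and would be reported as empty.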
