On Fri, 23 Oct 2020, Brian McKee wrote:

Thanks Doug! I'll open a ticket with the gentoo devs!

They can compile with FINALNSSDIR=/etc/ipsec.d to keep the nss files at the same
location if they prefer that.

Note that libreswan-4.x also no longer builds support for DH2, and some
NM-libreswan plugins tried to use dh2+dh5 for IKEv1. So you might also
be running into that. That required a fix to NM-libreswan in fedora at
least.

Paul

On Fri, Oct 23, 2020 at 5:04 AM Douglas Kosovic <[email protected]> wrote:

      Hi Brian,

      With Libreswan >= 4.0, the default NSS database files (*.db) have moved from /etc/ipsec.d to
      /var/lib/ipsec/nss

      Try the following Libreswan command to see if you get an error:

          $ sudo ipsec initnss

          ERROR: destination directory "/var/lib/ipsec/nss" is missing or permission denied

      pkg_postinst() in the gentoo ebuild is still using /etc/ipsec.d for the NSS database files:

          https://gitweb.gentoo.org/repo/gentoo.git/tree/net-vpn/libreswan/libreswan-4.1.ebuild

      You could fix the aforementioned pkg_postinst(), or issue the following as a workaround:

          sudo mkdir -p /var/lib/ipsec/nss

          sudo chmod 700 /var/lib/ipsec/nss

      then try sudo ipsec initnss again.

      If you are using SELinux or AppArmor, a new rule might be required for /var/lib/ipsec/nss

      Cheers,

      Doug


      From: Swan <[email protected]> On Behalf Of Brian McKee
      Sent: Friday, 23 October 2020 6:06 PM
      To: [email protected]
      Subject: [Swan] Issue with networkmanager and l2tp

      Hello everyone,

I'm a Gentoo linux user. My work uses a linux based VPN server (Centos 7) that is probably pretty out of date.
It uses l2tp protocol.

My Gentoo box is running Networkmanager 1.26.0 and until a recent update I was running libreswan-3.32-r1 which contains a patch to fix an NSS version issue. libreswan-3.32 without the patch fails to connect to my work because of the NSS issue.

Networkmanager requires libreswan for l2tp protocol connections.

In the latest update of my machine libreswan 4.1 installed and I could no longer connect to work. There were absolutely no useful messages from Networkmanager. This is what I got in /var/log/messages:


Oct 22 21:30:16 threads NetworkManager[4579]: <info>  [1603427416.4884] audit: op="connection-activate" uuid="9a088450-2a7b-4012-befe-facf564c77e0" name="wtec-SJ" pid=5647 uid=1000 result="success"
Oct 22 21:30:16 threads NetworkManager[4579]: <info>  [1603427416.4920] vpn-connection[0x56488972c2b0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Started the VPN service, PID 10712
Oct 22 21:30:16 threads NetworkManager[4579]: <info>  [1603427416.4984] vpn-connection[0x56488972c2b0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Saw the service appear; activating connection
Oct 22 21:30:17 threads NetworkManager[4579]: <info>  [1603427417.1234] audit: op="statistics" arg="refresh-rate-ms" pid=5647 uid=1000 result="success"
Oct 22 21:30:27 threads NetworkManager[4579]: <info>  [1603427427.7335] vpn-connection[0x56488972c2b0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN plugin: state changed: stopped (6)
Oct 22 21:30:27 threads NetworkManager[4579]: <info>  [1603427427.7361] vpn-connection[0x56488972c2b0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN service disappeared
Oct 22 21:30:27 threads NetworkManager[4579]: <warn>  [1603427427.7372] vpn-connection[0x56488972c2b0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'

I figure I have a configuration issue, except that it works fine with the old version of libreswan.

I'm hoping you guys have some idea what I'm talking about. I can email you any information on my machine and I can probably get the configuration for the (openvpn, I think) VPN server.

I know that me using the old version of libreswan is eventually going to become a problem so I'd like to proactively figure out what's wrong and fix my system so my workflow isn't interrupted.

I don't hand edit the config files, I let KDE configure network manager, so I figure there is something I need to change in that configuration.

Anyway, thanks for reading and thanks in advance for any help you can offer.

_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan



--
-- Consciousness moves everything.


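A post-upgrade check script, added here as an example; it is not from this thread, from libreswan, from NM-libreswan or from the gentoo ebuild. It does the three things the replies above point at: creates the new NSS directory with the 0700 mode Doug gives and verifies the mode actually took, lists (without moving) any NSS database files still sitting at the pre-4.0 location, and flags IKE proposal strings that still name DH group 2, which Paul notes libreswan 4.x no longer builds. The two directory paths are the ones from the thread; the NSS database file names (cert9.db, key4.db, pkcs11.txt and the legacy cert8.db, key3.db, secmod.db) are the standard NSS names; libreswan's spelling of group 2 as modp1024 with dh2 as an alias is assumed from its proposal syntax; the proposal strings in main() are constructed samples. The NSS database is where the IPsec private keys live, which is why the mode check matters and why the script only reports stale files rather than copying them around.

```shell
#!/bin/sh
# libreswan 4.x post-upgrade checks. Added example, not part of the thread,
# libreswan or the gentoo ebuild. Run as root with --run to apply the fix.

NSS_DIR="${NSS_DIR:-/var/lib/ipsec/nss}"   # default since libreswan 4.0 (from the thread)
OLD_NSS_DIR="${OLD_NSS_DIR:-/etc/ipsec.d}" # pre-4.0 default, still used by the 4.1 ebuild

# Create DIR if it is missing and lock it down to 0700. The NSS database holds
# the IPsec private keys, so anything wider than owner-only is a problem.
# Returns 0 only if DIR exists afterwards with mode 700 (verified via stat,
# GNU -c first, BSD -f as fallback).
ensure_nss_dir() {
    dir="$1"
    [ -d "$dir" ] || mkdir -p "$dir" || return 1
    chmod 700 "$dir" || return 1
    mode=$(stat -c '%a' "$dir" 2>/dev/null || stat -f '%Lp' "$dir")
    [ "$mode" = "700" ]
}

# Print NSS database files that still live in DIR (the pre-4.0 location).
# Both the sqlite (cert9/key4/pkcs11.txt) and legacy dbm (cert8/key3/secmod)
# file names are checked. Files are only reported, never moved.
old_db_files() {
    for f in cert9.db key4.db pkcs11.txt cert8.db key3.db secmod.db; do
        [ -e "$1/$f" ] && printf '%s\n' "$1/$f"
    done
    return 0
}

# Return 0 if a libreswan ike=/phase2alg= proposal string names DH group 2.
# Assumption: libreswan spells the group modp1024, with dh2 as an alias.
# Tokens are split on the proposal separators , ; + - and matched whole, so
# the ECP groups dh20/dh21 do not trigger a false positive.
has_dh2() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' | tr ',;+-' '\n\n\n\n' \
        | grep -qx -e modp1024 -e dh2
}

main() {
    if ensure_nss_dir "$NSS_DIR"; then
        echo "ok: $NSS_DIR exists with mode 700"
    else
        echo "FAIL: could not create $NSS_DIR with mode 700 (run as root?)" >&2
        return 1
    fi

    left=$(old_db_files "$OLD_NSS_DIR")
    if [ -n "$left" ]; then
        echo "note: NSS database files still present at the old location:"
        echo "$left"
    fi

    # Constructed sample proposals. In practice feed the ike=/phase2alg=
    # values from ipsec.conf or the NM-libreswan connection in here.
    for prop in "aes256-sha1;modp1024,aes-sha1;modp1536" "aes256-sha2;modp2048"; do
        if has_dh2 "$prop"; then
            echo "WARN: proposal '$prop' needs DH2 (modp1024), which libreswan 4.x does not build"
        fi
    done

    # The command from the thread; with the directory in place it should no
    # longer report the "destination directory ... is missing" error.
    if command -v ipsec >/dev/null 2>&1; then
        ipsec initnss
    fi
}

if [ "${1:-}" = "--run" ]; then
    main
fi
```

Usage: `sudo sh libreswan4-check.sh --run`. Without `--run` the file only defines the functions, so it can be sourced and the checks reused. If the script reports files at the old location, decide deliberately whether they are the live database (migrate them to the new directory before running `ipsec initnss`, which would otherwise create an empty one) or leftovers to delete; and as Doug notes, an SELinux or AppArmor policy that only knows /etc/ipsec.d may still block pluto from reading the new directory even after this script succeeds.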