[CentOS-devel] nssdb is pointing to /etc/ipsec.d but it needs to point to the /usr/local/platform/.security/ipsec path provided in /etc/ipsec.conf
Veetil, Vyshnav
Vyshnav.Veetil at harman.comTue May 15 06:24:57 UTC 2018
- Previous message: [CentOS-devel] Segfault on /usr/bin/strip
- Next message: [CentOS-devel] Fix for CVE-2018-7409
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi, We are getting problem with ipsec connection in Centos7.4 Libreswan is unable to read the nssdir path /usr/local/platform/.security/ipsec instead always trying to only read /etc/ipsec.d Also, want to mention that /etc/ipsec.conf already has ipsecdir=/usr/local/platform/.security/ipsec which was working earlier with CentOS 7.3. In CentOS 7.3 libreswan-3.15-8.el7.x86_64 is used. In CentOS 7.4 libreswan-3.20-3.el7.x86_64 is used. What has been changed in libreswan-3.20-3.el7.x86_64 packages? For overcoming the pluto related issue, I have done some changes in configuration file. I have removed the --stderrlog=directory in /etc/ipsec.conf And also replaced auth=esp and esp=aes128-sha1 with phase2alg=aes128-sha1 in /etc/ipsec.d/conf/71221031513.conf file . And manually started ipsec service. Please find the attachment for the ipsec status and ipsec verify. Please help us to find the route cause. Thanks and Regards, Vyshnav. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20180515/219021e5/attachment.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: ipsec_status Type: application/octet-stream Size: 6233 bytes Desc: ipsec_status URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20180515/219021e5/attachment.obj> -------------- next part -------------- A non-text attachment was scrubbed... Name: ipsec_verify Type: application/octet-stream Size: 1701 bytes Desc: ipsec_verify URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20180515/219021e5/attachment-0001.obj>
- Previous message: [CentOS-devel] Segfault on /usr/bin/strip
- Next message: [CentOS-devel] Fix for CVE-2018-7409
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS-devel mailing list