[CentOS-devel] nssdb is pointing to /etc/ipsec.d but it needs to point to the /usr/local/platform/.security/ipsec path provided in /etc/ipsec.conf

Tue May 15 06:24:57 UTC 2018
Veetil, Vyshnav <Vyshnav.Veetil at harman.com>

Hi,
We are having a problem with the ipsec connection in CentOS 7.4.
Libreswan is unable to read the nssdir path /usr/local/platform/.security/ipsec; instead it always tries to read only /etc/ipsec.d. Also, I want to mention that /etc/ipsec.conf already has ipsecdir=/usr/local/platform/.security/ipsec, which was working earlier with CentOS 7.3.
In CentOS 7.3 libreswan-3.15-8.el7.x86_64 is used.
In CentOS 7.4 libreswan-3.20-3.el7.x86_64 is used.

What has been changed in the libreswan-3.20-3.el7.x86_64 package?

To overcome the pluto-related issue, I have made some changes in the configuration file.
I have removed the --stderrlog=directory in /etc/ipsec.conf.
I have also replaced auth=esp and esp=aes128-sha1 with phase2alg=aes128-sha1 in the /etc/ipsec.d/conf/71221031513.conf file.
And I manually started the ipsec service.

Please find attached the ipsec status and ipsec verify output.
Please help us to find the root cause.

Thanks and Regards,
Vyshnav.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipsec_status
Type: application/octet-stream
Size: 6233 bytes
Desc: ipsec_status
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20180515/219021e5/attachment-0014.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipsec_verify
Type: application/octet-stream
Size: 1701 bytes
Desc: ipsec_verify
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20180515/219021e5/attachment-0015.obj>