[Swan-dev] nssdb is pointing to /etc/ipsec.d but it needs to point to the /usr/local/platform/.security/ipsec path provided in /etc/ipsec.conf

Tuomo Soini tis at foobar.fi
Tue May 15 12:54:49 UTC 2018


On Tue, 15 May 2018 10:43:31 +0000
"Veetil, Vyshnav" <Vyshnav.Veetil at harman.com> wrote:

> Hi,
> We are getting a problem with the ipsec connection in CentOS 7.4.
> Libreswan is unable to read the nssdir
> path /usr/local/platform/.security/ipsec; instead it always tries to
> only read /etc/ipsec.d. Also, I want to mention that /etc/ipsec.conf
> already has ipsecdir=/usr/local/platform/.security/ipsec, which was
> working earlier with CentOS 7.3. In CentOS 7.3,
> libreswan-3.15-8.el7.x86_64 is used. In CentOS 7.4,
> libreswan-3.20-3.el7.x86_64 is used.
> 
> What has been changed in libreswan-3.20-3.el7.x86_64 packages?
> 
> To overcome the pluto-related issue, I have made some changes in the
> configuration file. I have removed the --stderrlog=directory
> in /etc/ipsec.conf and also replaced auth=esp and esp=aes128-sha1
> with phase2alg=aes128-sha1 in the /etc/ipsec.d/conf/71221031513.conf
> file, and manually started the ipsec service.
> 
> Please find the attachment for the ipsec status and ipsec verify.
> 
> What is the difference between nssdir and ipsecdir if we are using
> them in the /etc/ipsec.conf file? Has ipsecdir been replaced in the
> new libreswan?

ipsecdir is /etc/ipsec.d.
nssdir is by default /etc/ipsec.d, but it can be pointed to a different
location for the NSS db, as you have done.

Note: the nsspassword file should be in ipsecdir; only the NSS databases
are in nssdir.

-- 
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <https://foobar.fi/>
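
Added example (not part of the original thread and not libreswan code): a Python check of the file layout the reply describes, run against the two settings discussed. The defaults are taken from the reply as fixed values, and the sample configs, the function names and the list of NSS database file names are assumptions of this example.

```python
import os

# Defaults as stated in the reply above (assumed fixed; not read from libreswan).
DEFAULTS = {"ipsecdir": "/etc/ipsec.d", "nssdir": "/etc/ipsec.d"}
# NSS database file names: legacy dbm format and sql format.
NSS_DB_FILES = {"cert8.db", "key3.db", "secmod.db", "cert9.db", "key4.db", "pkcs11.txt"}

# Constructed samples: the reporter's setting, and ipsecdir/nssdir set separately.
REPORTED_CONF = "config setup\n    ipsecdir=/usr/local/platform/.security/ipsec\n"
SPLIT_CONF = ("config setup\n    ipsecdir=/etc/ipsec.d\n"
              "    nssdir=/usr/local/platform/.security/ipsec\n")

def effective_dirs(conf_text):
    """Return ipsecdir/nssdir from the 'config setup' section, with defaults."""
    dirs, in_setup = dict(DEFAULTS), False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # unindented line opens a section
            in_setup = line.split() == ["config", "setup"]
        elif in_setup and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if key in dirs:
                dirs[key] = value.strip('"')
    return dirs

def check_layout(dirs, root="/"):
    """List findings where files are not where the reply says they belong."""
    def present(d):
        path = os.path.join(root, d.lstrip("/"))
        return set(os.listdir(path)) if os.path.isdir(path) else set()
    nss_files, ipsec_files = present(dirs["nssdir"]), present(dirs["ipsecdir"])
    findings = []
    if not nss_files & NSS_DB_FILES:
        findings.append(f"no NSS database files in nssdir {dirs['nssdir']}")
    if dirs["nssdir"] != dirs["ipsecdir"]:
        if ipsec_files & NSS_DB_FILES:
            findings.append(f"NSS database files also present in ipsecdir {dirs['ipsecdir']}")
        if "nsspassword" in nss_files and "nsspassword" not in ipsec_files:
            findings.append("nsspassword is in nssdir; it belongs in ipsecdir")
    return findings

if __name__ == "__main__":
    for name, conf in (("reported", REPORTED_CONF), ("split", SPLIT_CONF)):
        d = effective_dirs(conf)
        print(name, d, check_layout(d))
```

The root argument lets the check run against a staging tree instead of the live filesystem.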

