[Swan-dev] [EXTERNAL] Re: nssdb is pointing to /etc/ipsec.d but it needs to point to the /usr/local/platform/.security/ipsec path provided in /etc/ipsec.conf

[Veetil, Vyshnav]

Hi Paul,
Please find the details as below:

1. For creating nssdb in the custom location , we are using the command : certutil -N -d <custom location> -f <custom location>/nsspassword 2. for pointing the libreswan to read nssdb in the custom location , we are using : ipsecdir=<custom location> . Please find attached the content of ipsec.conf 3. For restarting pluto , after creating nssdb in the custom location, we are using the command : ipsec setup restart

Also please find the attachment for the ipsec.conf

Regards,
Vyshnav

-----Original Message-----
From: Paul Wouters [mailto:paul at nohats.ca] 
Sent: Wednesday, May 16, 2018 5:16 AM
To: Maheshwari, Shagun <Shagun.Maheshwari at Harman.com>
Cc: Veetil, Vyshnav <Vyshnav.Veetil at harman.com>; swan-dev at lists.libreswan.org
Subject: RE: [EXTERNAL] Re: [Swan-dev] nssdb is pointing to /etc/ipsec.d but it needs to point to the /usr/local/platform/.security/ipsec path provided in /etc/ipsec.conf

On Tue, 15 May 2018, Maheshwari, Shagun wrote:

> Can you tell us what has been fixed in libreswan 3.23 for nssdb issue?

Looking back through git and the changelog, it actually seems all those changes were already in 3.20.

So if you have a clear case of where it is not working, please share the exact details of how pluto is started and if it is using an ipsec.conf what, exactly what's in it. And if possible how you created the NSS DB at the non-standard location.

Paul
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipsec.conf
Type: application/octet-stream
Size: 1327 bytes
Desc: ipsec.conf
URL: <https://lists.libreswan.org/pipermail/swan-dev/attachments/20180516/852bb5bb/attachment.obj>