[Swan-dev] something killing raw keys in testing?

Paul Wouters paul at nohats.ca
Mon Jun 17 04:31:34 UTC 2019


It was SELinux somehow. Putting VMs in permissive solved it.

Sent from mobile device

> On Jun 16, 2019, at 23:43, Paul Wouters <paul at nohats.ca> wrote:
> 
> 
> [root@west linux-audit-01]# certutil -d sql:/etc/ipsec.d -K
> certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
> < 0> rsa      b49f1aac9e456e7929c881973a0c6ad37f0f0350   (orphan)
> [root@west linux-audit-01]# echo '@psk-west-v2 @psk-east-v2: PSK "ThisIsHereToMisMatch"' >> /etc/ipsec.secrets
> [root@west linux-audit-01]# echo ': PSK "test"' >> /etc/ipsec.secrets
> [root@west linux-audit-01]# ipsec start
> Redirecting to: systemctl start ipsec.service
> [root@west linux-audit-01]# /testing/pluto/bin/wait-until-pluto-started
> [root@west linux-audit-01]# certutil -d sql:/etc/ipsec.d -K
> certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
> certutil: no keys found
> 
> 
> I'm confused about what is killing these. It does not seem to be ipsec checknss, which is called in the service file.
> 
> Anyone else seeing this?
> 
> I don't see any changes in the ipsec.service and the keys are there
> after swan-prep finished. Once pluto is started, they are gone?
> 
> Paul


