Bug #3449: IPsec daemon blocked after upgrade - NethServer 6 - NethServer.org

Bug #3449

« Previous | Next »

IPsec daemon blocked after upgrade

Added by Davide Principi over 2 years ago. Updated over 2 years ago.

Status:

CLOSED

Start date:

Priority:

Normal

Due date:

Assignee:

% Done:

100%

Category:

nethserver-ipsec

Target version:

v6.10

Security class:

Resolution:

Affected version:

v6.10

NEEDINFO:

Description

Steps to reproduce

- Install and configure an IPsec tunnel on ns6
- Run the upgrade tool

Expected behavior

The IPsec tunnel is still up after upgrade

Actual behavior

The "ipsec" service does not start. Errors

    Nov 09 13:40:33 mail.example.it pluto[17074]: NSS Password file "/etc/ipsec.d/nsspassword" for token "NSS
    Nov 09 13:40:33 mail.example.it pluto[17074]: authentication of "NSS Certificate DB" failed

Workaround

(confirmed) old configuration files from ns6 are still present after upgrade. We must clean up them, before installing the new RPM.

mv cert*.* key*.* nsspassword* migration/

also `ipsec.conf` and `ipsec.secrets` must be removed.

Associated revisions

Revision cb9f2a25
Added by Davide Principi over 2 years ago

Fix ipsec startup error

Old ns6 configuration prevents ipsec to start correctly on ns7.

Refs #3449

History

#1 Updated by Davide Principi over 2 years ago

Check and fix ipsec.secrets after post-upgrade:

[root@mail ~]# rpm -V libreswan
S.5....T.  c /etc/ipsec.secrets
[root@mail ~]# echo 'include /etc/ipsec.d/*.secrets' > /etc/ipsec.secrets 
[root@mail ~]# rpm -V libreswan
.......T.  c /etc/ipsec.secrets
rm -f /etc/ipsec.d/*.db