IPsec daemon blocked after upgrade
Steps to reproduce
- Install and configure an IPsec tunnel on ns6
- Run the upgrade tool
The IPsec tunnel is still up after upgrade
The "ipsec" service does not start. Errors:
Nov 09 13:40:33 mail.example.it pluto: NSS Password file "/etc/ipsec.d/nsspassword" for token "NSS
Nov 09 13:40:33 mail.example.it pluto: authentication of "NSS Certificate DB" failed
(confirmed) Old configuration files from ns6 are still present after upgrade. We must clean them up before installing the new RPM.
mv cert*.* key*.* nsspassword* migration/
Also, `ipsec.conf` and `ipsec.secrets` must be removed.
#1 Updated by Davide Principi over 1 year ago
Check and fix ipsec.secrets after post-upgrade:
[root@mail ~]# rpm -V libreswan
S.5....T. c /etc/ipsec.secrets
[root@mail ~]# echo 'include /etc/ipsec.d/*.secrets' > /etc/ipsec.secrets
[root@mail ~]# rpm -V libreswan
.......T. c /etc/ipsec.secrets
rm -f /etc/ipsec.d/*.db
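A read-only check for the leftovers this issue describes, as an added example (not code from the upgrade tool or from the comment above). It assumes the `cert*.*`, `key*.*`, `nsspassword*` and `*.db` files sit in `/etc/ipsec.d`; the function names and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example: read-only audit for ns6 IPsec leftovers after the upgrade.
# Assumption: the stale NSS files live in <root>/etc/ipsec.d.
EXPECTED_SECRETS='include /etc/ipsec.d/*.secrets'

# Print each leftover matching the patterns named in the issue, one per line.
list_leftovers() {
    dir="$1/etc/ipsec.d"
    for f in "$dir"/cert*.* "$dir"/key*.* "$dir"/nsspassword* "$dir"/*.db; do
        if [ -f "$f" ]; then printf '%s\n' "$f"; fi
    done | sort -u   # cert*.* and *.db overlap, so de-duplicate
}

# Succeed only if ipsec.secrets holds exactly the stock include line.
secrets_is_stock() {
    file="$1/etc/ipsec.secrets"
    [ -f "$file" ] && [ "$(cat "$file")" = "$EXPECTED_SECRETS" ]
}

# Report findings for the tree under ROOT; return 1 if cleanup is needed.
audit_ipsec() {
    rc=0
    leftovers=$(list_leftovers "$1")
    if [ -n "$leftovers" ]; then
        echo "Leftover NSS files:"
        printf '%s\n' "$leftovers" | sed 's/^/  /'
        rc=1
    fi
    if ! secrets_is_stock "$1"; then
        echo "ipsec.secrets is not the stock file: $EXPECTED_SECRETS"
        rc=1
    fi
    return "$rc"
}

# Build a constructed post-upgrade tree (file names are sample values).
make_sample_tree() {
    mkdir -p "$1/etc/ipsec.d"
    touch "$1/etc/ipsec.d/cert8.db" "$1/etc/ipsec.d/key3.db" \
          "$1/etc/ipsec.d/nsspassword" "$1/etc/ipsec.d/tunnel.secrets"
    echo ': RSA constructed-leftover' > "$1/etc/ipsec.secrets"
}

# Demo on the constructed tree; on a real host run: audit_ipsec ""
demo_root=$(mktemp -d)
make_sample_tree "$demo_root"
audit_ipsec "$demo_root" || echo "=> cleanup still needed"
rm -rf "$demo_root"
```

The audit only lists files and compares `ipsec.secrets`; it moves or deletes nothing, so it can be run before and after the manual cleanup to confirm the result.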