Bug #3449
IPsec daemon blocked after upgrade
Status: | CLOSED | Start date: | ||
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | - | % Done: | 100% | |
Category: | nethserver-ipsec | |||
Target version: | v6.10 | |||
Security class: | Resolution: | |||
Affected version: | v6.10 | NEEDINFO: | No |
Description
Steps to reproduce
- Install and configure an IPsec tunnel on ns6
- Run the upgrade tool
Expected behavior
The IPsec tunnel is still up after upgrade
Actual behavior
The "ipsec" service does not start. Errors
Nov 09 13:40:33 mail.example.it pluto[17074]: NSS Password file "/etc/ipsec.d/nsspassword" for token "NSS Nov 09 13:40:33 mail.example.it pluto[17074]: authentication of "NSS Certificate DB" failed
Workaround
(confirmed) old configuration files from ns6 are still present after upgrade. We must clean up them, before installing the new RPM.
mv cert*.* key*.* nsspassword* migration/
also `ipsec.conf` and `ipsec.secrets` must be removed.
Associated revisions
History
#1 Updated by Davide Principi over 2 years ago
Check and fix ipsec.secrets after post-upgrade:
[root@mail ~]# rpm -V libreswan S.5....T. c /etc/ipsec.secrets [root@mail ~]# echo 'include /etc/ipsec.d/*.secrets' > /etc/ipsec.secrets [root@mail ~]# rpm -V libreswan .......T. c /etc/ipsec.secrets rm -f /etc/ipsec.d/*.db
#2 Updated by Davide Principi over 2 years ago
- Assignee deleted (
Davide Principi)
In nethserver-testing 6.10
- nethserver-upgrade-tool-1.0.0-1.11.gbc26615.ns6.x86_64.rpm
#3 Updated by Davide Principi over 2 years ago
- Status changed from TRIAGED to MODIFIED
- % Done changed from 20 to 60
#4 Updated by Davide Principi over 2 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
#5 Updated by Davide Principi over 2 years ago
- Status changed from ON_QA to VERIFIED
- % Done changed from 70 to 90
VERIFIED
#6 Updated by Davide Principi over 2 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
In nethserver-updates 6.10:
- nethserver-upgrade-tool-1.1.0-1.ns6.x86_64.rpm