[Openswan Users] Openswan doesn't starts because pluto is down

Tuomo Soini tis at foobar.fi
Mon Jan 4 14:39:22 EST 2010

Jorge Jimenez wrote:
> Hi Ondrej,
> "certuil -H" isn't a valid option to certutil in my machine.
> I try:
> [root at pross-mon01 ~]# certutil -K

certutil -K -d /etc/ipsec.d

> [root at pross-mon01 ~]# certutil -L

certutil -L -d /etc/ipsec.d

> /var/log/secure contains 3 lines when I try to start ipsec:
> Jan  4 19:50:30 pross-mon01 ipsec__plutorun: Starting Pluto subsystem...
> Jan  4 19:50:30 pross-mon01 pluto[3035]: nss directory plutomain: sql:/etc/ipsec.d

I just fixed this in git. NSS support had hardcoded requirement for
latest NSPR/NSS than el5 has. Fix was to remove hardcoded sql: from nss
directory path.

> Jan  4 19:50:30 pross-mon01 pluto[3035]: NSS initialization failed (err -8174)

Try attached patch, it should fix your problem.

Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openswan.git-b451d26f471a5348fa8e2d16d74dace588825ae4.patch
Type: text/x-patch
Size: 907 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20100104/d42213b0/attachment.bin 

More information about the Users mailing list