[Openswan Users] Downloaded the latest and greatest source ... now problems ?

jchludzinski jchludzinski at vivaldi.net
Fri Apr 5 19:53:13 EDT 2019 

I downloaded the latest and greatest source from 
https://www.openswan.org. I wanted to build openswan with support for 
NSS. This appears to have worked using the USE_LIBNSS environment 
variable.

Next:
$ set -x USE_LIBNSS true
(I use the fish shell, like all sane people).

Then:
$ make programs
$ sudo make install

Then I try:

~/openswan-2.6.51.3> sudo systemctl start ipsec

~/openswan-2.6.51.3> systemctl status ipsec

● ipsec.service - LSB: Start Openswan IPsec at boot time
    Loaded: loaded (/etc/init.d/ipsec; generated; vendor preset: enabled)
    Active: active (running) since Fri 2019-04-05 19:32:19 EDT; 16min ago
      Docs: man:systemd-sysv-generator(8)
   Process: 24261 ExecStop=/etc/init.d/ipsec stop (code=exited, 
status=0/SUCCESS)
   Process: 24360 ExecStart=/etc/init.d/ipsec start (code=exited, 
status=0/SUCCESS)
    CGroup: /system.slice/ipsec.service
            ├─24502 /bin/sh /usr/local/lib/ipsec/_plutorun --debug 
--uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no 
--nat_traversal yes --keep_alive --protostack auto --force_keepali
            ├─24503 logger -s -p daemon error -t ipsec__plutorun
            ├─24504 /bin/sh /usr/local/lib/ipsec/_plutorun --debug 
--uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no 
--nat_traversal yes --keep_alive --protostack auto --force_keepali
            ├─24505 /bin/sh /usr/local/lib/ipsec/_plutoload --wait no 
--post
            ├─24507 /usr/local/libexec/ipsec/pluto --nofork --secretsfile 
/etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-auto --uniqueids 
--nat_traversal --virtual_private %v4:10.0.0.0/8,%v4:192.168
            └─24518 _pluto_adns -- <idle>

Apr 05 19:32:20 raspberrypi pluto[24507]: adding interface lo/lo ::1:500 
(AF_INET6)
Apr 05 19:32:20 raspberrypi ipsec__plutorun[24503]: 002 adding interface 
lo/lo ::1:500 (AF_INET6)
Apr 05 19:32:20 raspberrypi pluto[24507]: loading secrets from 
"/etc/ipsec.secrets"
Apr 05 19:32:20 raspberrypi ipsec__plutorun[24503]: 002 loading secrets 
from "/etc/ipsec.secrets"
Apr 05 19:32:20 raspberrypi pluto[24507]: loading secrets from 
"/var/lib/openswan/ipsec.secrets.inc"
Apr 05 19:32:20 raspberrypi ipsec__plutorun[24503]: 002 loading secrets 
from "/var/lib/openswan/ipsec.secrets.inc"
Apr 05 19:32:20 raspberrypi pluto[24507]:     could not open host cert 
with nick name '/etc/ipsec.d/private/raspberrypiKey.pem' in NSS DB
Apr 05 19:32:20 raspberrypi ipsec__plutorun[24503]: 002     could not 
open host cert with nick name '/etc/ipsec.d/private/raspberrypiKey.pem' 
in NSS DB
Apr 05 19:32:20 raspberrypi pluto[24507]: 
"/var/lib/openswan/ipsec.secrets.inc" line 1: NSS certficate not found
Apr 05 19:32:20 raspberrypi ipsec__plutorun[24503]: 003 
"/var/lib/openswan/ipsec.secrets.inc" line 1: NSS certficate not found

How to I get past the final 4 messages?

More information about the Users mailing list