From patchwork Mon Feb 14 08:39:47 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Mohammad Heib
X-Patchwork-Id: 1592326
Received: from mheiblap.localdomain.com
(unknown [10.35.206.224]) by smtp.corp.redhat.com (Postfix) with ESMTP id A22CA23771; Mon, 14 Feb 2022 08:39:50 +0000 (UTC)
From: Mohammad Heib
To: dev@openvswitch.org
Date: Mon, 14 Feb 2022 10:39:47 +0200
Message-Id: <20220214083947.30774-1-mheib@redhat.com>
Subject: [ovs-dev] ovs-monitor-ipsec: LibreSwan update nssdb default path

Currently the ovs-monitor-ipsec script uses the old NSSDB path (/etc/ipsec.d) to store the connection keys and certificates, and initiates these connections using the ipsec command, which in turn uses the NSSDB that is located in the new location (see: https://github.com/libreswan/libreswan/issues/391), and that causes connection issues.

This patch changes the default NSSDB path in ovs-monitor-ipsec to match the LibreSwan NSSDB default path.

Signed-off-by: Mohammad Heib

--- ipsec/ovs-monitor-ipsec.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in index a8b0705d9..78d390802 100755 --- a/ipsec/ovs-monitor-ipsec.in +++ b/ipsec/ovs-monitor-ipsec.in @@ -447,7 +447,7 @@ conn prevent_unencrypted_vxlan def __init__(self, libreswan_root_prefix, args): ipsec_conf = args.ipsec_conf if args.ipsec_conf else "/etc/ipsec.conf" - ipsec_d = args.ipsec_d if args.ipsec_d else "/etc/ipsec.d" + ipsec_d = args.ipsec_d if args.ipsec_d else "/var/lib/ipsec/nss" ipsec_secrets = (args.ipsec_secrets if args.ipsec_secrets else "/etc/ipsec.secrets") ipsec_ctl = (args.ipsec_ctl if args.ipsec_ctl
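
Review bot: The new default on the `+ ipsec_d = ...` line is applied unconditionally, so a host whose LibreSwan still keeps its NSSDB in "/etc/ipsec.d" would hit the same path mismatch the commit message describes, only in the opposite direction. Consider using "/var/lib/ipsec/nss" only when that directory exists and falling back to "/etc/ipsec.d" otherwise, so that keys and certificates are imported into the database the ipsec command actually reads. The diffstat shows only ipsec/ovs-monitor-ipsec.in changing; any help text or documentation that states the default for the ipsec_d argument should be updated in the same patch, and since the value is now an NSS database directory rather than an ipsec.d directory, a short comment at this assignment saying so would help readers.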