Revision history

Revision 1
initial version

I have the same problem (CentOS 7/Liberty), and after some troubleshooting it seems that ipsec is trying to initialize the db in the wrong directory (sql:/etc/ipsec.d) instead of the router namespace (sql:/var/lib/neutron/ipsec/<routerid>/etc/ipsec.d). Changing /sbin/ipsec a bit fixed this for me:

diff -u6 /sbin/ipsec.org /sbin/ipsec

--- /sbin/ipsec.org 2016-05-04 09:51:36.440145790 +0300
+++ /sbin/ipsec 2016-05-04 09:49:52.224502975 +0300
@@ -236,12 +236,13 @@
        # NSS db location
        if [ "${2}" = "-d" -o "${2}" = "--configdir" ]; then
        IPSEC_NSSDIR="${3}"
             else
        IPSEC_NSSDIR="${2}"
        fi
+       IPSEC_NSSDIR_SQL="${IPSEC_NSSDIR}"
    fi
    if [ ! -d "${IPSEC_NSSDIR}" ]; then
        mkdir -p "${IPSEC_NSSDIR}"
    fi
    # if we have old database
    if [ -f "${IPSEC_NSSDIR}/cert8.db" -o \
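
Review bot: the added `IPSEC_NSSDIR_SQL="${IPSEC_NSSDIR}"` line stores the bare directory, while the post gives both database locations in `sql:` form (sql:/etc/ipsec.d versus the per-router path). If later parts of the script use IPSEC_NSSDIR_SQL as the NSS database spec, the prefix is lost whenever a directory argument is passed, so `IPSEC_NSSDIR_SQL="sql:${IPSEC_NSSDIR}"` looks like the intended value. The assignment also sits inside the outer `if` closed by the following `fi`, so a short comment saying what the variable holds when no directory is supplied would help the next reader.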

ipsec --version

Linux Libreswan 3.15 (netkey) on 3.10.0-327.13.1.el7.x86_64

Disclaimer: I haven't fully tested the above; if something breaks, you can keep all the pieces.

I have the same problem (CentOS 7/Liberty), and after some troubleshooting it seems that ipsec is trying to initialize the db in the wrong directory (sql:/etc/ipsec.d) instead of the router namespace (sql:/var/lib/neutron/ipsec/<routerid>/etc/ipsec.d). Changing /sbin/ipsec a bit fixed this for me:

diff -u6 /sbin/ipsec.org /sbin/ipsec

--- /sbin/ipsec.org 2016-05-04 09:51:36.440145790 +0300
+++ /sbin/ipsec 2016-05-04 09:49:52.224502975 +0300
@@ -236,12 +236,13 @@
        # NSS db location
        if [ "${2}" = "-d" -o "${2}" = "--configdir" ]; then
        IPSEC_NSSDIR="${3}"
             else
        IPSEC_NSSDIR="${2}"
        fi
+       IPSEC_NSSDIR_SQL="${IPSEC_NSSDIR}"
IPSEC_NSSDIR_SQL="sql:${IPSEC_NSSDIR}"
    fi
    if [ ! -d "${IPSEC_NSSDIR}" ]; then
        mkdir -p "${IPSEC_NSSDIR}"
    fi
    # if we have old database
    if [ -f "${IPSEC_NSSDIR}/cert8.db" -o \
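
Review bot: the two consecutive assignments to IPSEC_NSSDIR_SQL leave the first one dead, since the `sql:`-prefixed line overwrites it immediately. That second line also has no `+` marker and no indentation, and with it the hunk body no longer matches the `@@ -236,12 +236,13 @@` header (one added line declared), so the patch will not apply as posted. Keep only `IPSEC_NSSDIR_SQL="sql:${IPSEC_NSSDIR}"`, mark it as the added line, and regenerate the diff against /sbin/ipsec.org.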

ipsec --version

Linux Libreswan 3.15 (netkey) on 3.10.0-327.13.1.el7.x86_64

Disclaimer: I haven't fully tested the above; if something breaks, you can keep all the pieces.