[openstack-dev] [Neutron][VPNaaS] Pluto failing with NSS error 8015 on redhat devstack

Anil Venkata anil.venkata at enovance.com
Fri Apr 10 13:14:03 UTC 2015

Hi All

When I run vpnaas on Fedora, pluto is failing with error 8015 (FATAL: NSS readonly initialization).
Is there any fix for this? I am using latest devstack on Fedora 21. I am using ipsec Libreswan 3.12.

I tried a temporary fix from this link (https://bugzilla.redhat.com/show_bug.cgi?id=1158222), i.e.:

diff --git a/neutron/services/vpn/device_drivers/ipsec.py b/neutron/services/vpn
index c19b61e..22895fa 100644
--- a/neutron/services/vpn/device_drivers/ipsec.py
+++ b/neutron/services/vpn/device_drivers/ipsec.py
@@ -328,6 +328,14 @@ class OpenSwanProcess(BaseSwanProcess):
+        if not os.path.isfile(self.etc_dir + '/cert8.db'):
+            import subprocess
+            ret = subprocess.call(['/bin/certutil',
+                        '-N',
+                        '-d', self.etc_dir,
+                        '--empty-password'
+                        ])
+            LOG.info('ooo ret = %s' % str(ret))
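
Review bot: the exit status of subprocess.call is only logged by "LOG.info('ooo ret = %s' % str(ret))" and never checked, so if certutil fails, execution continues with no NSS database in self.etc_dir and the failure only surfaces later. Test ret for non-zero at that point and raise or log an error that names the directory, and replace the 'ooo' debug string with a descriptive message. The "import subprocess" inside the if block belongs at module level, and the hard-coded '/bin/certutil' path ties the code to one filesystem layout; invoking 'certutil' by name would let PATH resolve it. A short comment on the cert8.db check explaining why the database is created here would also help the next reader.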

But the ip xfrm state & ip xfrm policy commands on the namespace are not showing any info.

Does neutron vpnaas have support for Libreswan?

