[openstack-dev] [Neutron][VPNaaS] Pluto failing with NSS error 8015 on redhat devstack
Anil Venkata
anil.venkata at enovance.com
Fri Apr 10 13:14:03 UTC 2015
Hi All
When I run vpnaas on Fedora, pluto is failing with error 8015( FATAL: NSS readonly initilization).
Is there any fix for this. I am using latest devstack on Fedora21. I am using ipsec Libreswan 3.12.
I tried a temporary fix from this link( https://bugzilla.redhat.com/show_bug.cgi?id=1158222 ) i.e
diff --git a/neutron/services/vpn/device_drivers/ipsec.py b/neutron/services/vpn
index c19b61e..22895fa 100644
--- a/neutron/services/vpn/device_drivers/ipsec.py
+++ b/neutron/services/vpn/device_drivers/ipsec.py
@@ -328,6 +328,14 @@ class OpenSwanProcess(BaseSwanProcess):
'ipsec.secrets',
self.conf.openswan.ipsec_secret_template,
self.vpnservice)
+ if not os.path.isfile(self.etc_dir + '/cert8.db'):
+ import subprocess
+ ret = subprocess.call(['/bin/certutil',
+ '-N',
+ '-d', self.etc_dir,
+ '--empty-password'
+ ])
+ LOG.info('ooo ret = %s' % str(ret))
But ip xfrm state & ip xfrm policy commands on the namespace are not showing any info.
Does neutron vpnaas has support for Libreswan?
Thanks
Anil
More information about the OpenStack-dev
mailing list