+++ This bug was initially created as a clone of Bug #1883666 +++
As of libreswan 4.0, the NSS database used is moved from /etc/ipsec.d to /var/lib/nss/ipsec/
This requires an SELinux policy addition:
--- Additional comment from Remco Luitwieler on 2020-11-06 06:02:28 UTC ---
Fedora 32 has the same problem
--- Additional comment from Stuart on 2020-11-06 11:05:55 UTC ---
I'm also experiencing this on Fedora 32 after downgrading (reinstalling) from 33.
--- Additional comment from Paul Wouters on 2020-11-06 13:38:39 UTC ---
As a workaround, you can specify nssdir=/etc/ipsec.d in /etc/ipsec.conf in "config setup".
--- Additional comment from Stuart on 2020-11-06 13:44:16 UTC ---
That's good to know. I've already posted this on the libreswan GitHub tracker and a kind soul there gave me the following SELinux workaround:
semanage fcontext --add --type ipsec_key_file_t '/var/lib/ipsec(/.*)?'
restorecon -rv /var/lib/ipsec
And to undo after the package is fixed:
semanage fcontext --delete --type ipsec_key_file_t '/var/lib/ipsec(/.*)?'
Waiting for the fix being agreed on in
The fix should be a part of the next package build.
*** This bug has been marked as a duplicate of bug 1883666 ***