Hi, I've just built SSwan from 5.6.1 source and tried to build a Network manager plugin ( Ubuntu . 16.04.3 ) . Unfortunately although my CLI settings work, my NM plugin fails every time.
I've built sswan using ./configure --sysconfdir=/etc --prefix=/usr --libexecdir=/usr/lib --disable-aes --disable-des --disable-md5 --disable-sha1 --disable-sha2 --disable-fips-prf --disable-gmp --enable-openssl --enable-nm --enable-agent --enable-eap-mschapv2 --enable-eap-identity --enable-curl --enable-eap-peap --with-nm-ca-dir=/etc/ipsec.d/cacerts where --with-nm-ca-dir points to the directory with the root and intermediate CA files for our sswan server I also set /etc/strongswan.conf charon-nm.ca_dir = /etc/ipsec.d/cacerts When building Network manager plugin I use ./configure --sysconfdir=/etc --prefix=/usr --with-charon=/usr/lib/ipsec/charon-nm >From the command line everything works and I can establish a VPN However from the NM plugin it fails every time. looking in /var/log/syslog, I find the following charon-nm logs ons/Alex4 (a58e8483-c113-4143-a7d2-08c8cbbb1ff3,"Alex4") Nov 30 12:05:11 deadpool NetworkManager[32238]: <info> [1512043511.1766] vpn-connection[0xfcf760,a58e8483-c113-4143-a7d2-08c8cbbb1ff3,"Alex4",0]: VPN connection: (ConnectInteractive) reply received Nov 30 12:05:11 deadpool charon-nm: 05[CFG] received initiate for NetworkManager connection Alex4 Nov 30 12:05:11 deadpool charon-nm: 05[LIB] opening directory '/usr/ssl-certs/mozilla' failed: No such file or directory Nov 30 12:05:11 deadpool charon-nm: 05[CFG] using CA certificate, gateway identity 'vpn.york.ac.uk' Nov 30 12:05:11 deadpool charon-nm: 05[IKE] initiating IKE_SA Alex4[9] to 144.32.128.199 Nov 30 12:05:11 deadpool charon-nm: 05[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Nov 30 12:05:11 deadpool charon-nm: 05[NET] sending packet: from 144.32.230.152[53229] to 144.32.128.199[500] (75 Now the thin is that in a pervious build I had --with-nm-ca-dir=/etc/ssl-certs/mozilla So whatever I'm doing now is still picking up that value instead of looking in /etc/ipsec.d/cacerts. I've done a make distclean in both the strongswan source and the network manager source. before running ./configure... ; make;make install What do i have to do to make the plugin use my new value ?