diff --git a/neutron_vpnaas/services/vpn/device_drivers/libreswan_ipsec.py b/neutron_vpnaas/services/vpn/device_drivers/libreswan_ipsec.py
index 4ac6dac00..227c99d06 100644
--- a/neutron_vpnaas/services/vpn/device_drivers/libreswan_ipsec.py
+++ b/neutron_vpnaas/services/vpn/device_drivers/libreswan_ipsec.py
@@ -17,7 +17,7 @@
 import os.path
 import eventlet
-from neutron.i18n import _LE, _LW
+from neutron.i18n import _LE, _LI, _LW
 from oslo_config import cfg
 from oslo_log import log as logging
@@ -58,13 +58,21 @@ class LibreSwanProcess(ipsec.OpenSwanProcess):
         Initialise the nssdb, otherwise pluto daemon will fail to run.
         """
+
+        # Since we set ipsec.secrets to be owned by root, the standard
+        # mechanisms for setting up the config files will get a permission
+        # problem when attempting to overwrite the file, so we need to
+        # remove it first.
+        secrets_file = self._get_config_filename('ipsec.secrets')
+        if os.path.exists(secrets_file):
+            os.remove(secrets_file)
+
         super(LibreSwanProcess, self).ensure_configs()
         # LibreSwan uses the capabilities library to restrict access to
         # ipsec.secrets to users that have explicit access. Since pluto is
         # running as root and the file has 0600 perms, we must set the
         # owner of the file to root.
-        secrets_file = self._get_config_filename('ipsec.secrets')
         self._execute(['chown', '--from=%s' % os.getuid(), 'root:root',
                        secrets_file])
@@ -108,9 +116,11 @@ class LibreSwanProcess(ipsec.OpenSwanProcess):
                 return True
         except IOError as e:
-            LOG.error(_LE('Unable to check control files on startup for '
-                          'router %(router)s: %(msg)s'),
-                      {'router': self.id, 'msg': e})
+            # This is logged as "info" instead of error because it simply
+            # means that we couldn't find the files to check on them.
+            LOG.info(_LI('Unable to find control files on startup for '
+                         'router %(router)s: %(msg)s'),
+                     {'router': self.id, 'msg': e})
             return False
     def _cleanup_control_files(self):
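Review bot: The `os.path.exists`/`os.remove` pair added ahead of the `super(LibreSwanProcess, self).ensure_configs()` call is a check-then-act sequence: an `exists()` that returns False for any reason other than absence skips the removal and leaves the original overwrite failure in place, while a failed unlink (for instance if the agent user cannot write the config directory that holds the root-owned 0600 file) escapes as a bare OSError with no router context. Removing unconditionally and tolerating only ENOENT keeps the stated intent and makes every other failure explicit; it needs `import errno` added to the module's import block, which is not there as far as the first hunk shows. The enclosing `ensure_configs` signature is outside the hunk.
```python
        # Since we set ipsec.secrets to be owned by root, the standard
        # mechanisms for setting up the config files will get a permission
        # problem when attempting to overwrite the file, so we need to
        # remove it first. Only a missing file is expected here; any other
        # failure (e.g. an unwritable config directory) must surface.
        secrets_file = self._get_config_filename('ipsec.secrets')
        try:
            os.remove(secrets_file)
        except OSError as e:
            if e.errno != errno.ENOENT:
                raise
        # … unchanged: super().ensure_configs() and the chown to root …
```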
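Review bot: Downgrading the entire `except IOError` branch to `LOG.info` hides more than the missing-file case the new comment describes: `IOError` also covers a permission error on the control files, which would now be reported as "Unable to find" at info level while the method quietly returns False, so an operator loses the only signal that the liveness check itself is broken. Keep the info path for `e.errno == errno.ENOENT` and retain the original `LOG.error`/`_LE` call for every other errno; `errno` is not imported by this module as far as the first hunk shows. The enclosing method (presumably `_process_running`, going by the test at line 1001 of test_ipsec.py) starts outside the hunk.
```python
        except IOError as e:
            if e.errno == errno.ENOENT:
                # Missing control files simply mean there is nothing to
                # check yet, so this is not an error.
                LOG.info(_LI('Unable to find control files on startup for '
                             'router %(router)s: %(msg)s'),
                         {'router': self.id, 'msg': e})
            else:
                LOG.error(_LE('Unable to check control files on startup for '
                              'router %(router)s: %(msg)s'),
                          {'router': self.id, 'msg': e})
            return False
```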
diff --git a/neutron_vpnaas/tests/unit/services/vpn/device_drivers/test_ipsec.py b/neutron_vpnaas/tests/unit/services/vpn/device_drivers/test_ipsec.py
index 8435feae5..0a2cd20ff 100644
--- a/neutron_vpnaas/tests/unit/services/vpn/device_drivers/test_ipsec.py
+++ b/neutron_vpnaas/tests/unit/services/vpn/device_drivers/test_ipsec.py
@@ -1001,7 +1001,9 @@ class TestLibreSwanProcess(base.BaseTestCase):
             self.assertTrue(self.ipsec_process._process_running())
             self.assertTrue(log_mock.called)
-    def test_ensure_configs(self):
+    @mock.patch('os.remove')
+    @mock.patch('os.path.exists', return_value=True)
+    def test_ensure_configs_on_restart(self, exists_mock, remove_mock):
         openswan_ipsec.OpenSwanProcess.ensure_configs = mock.Mock()
         with mock.patch.object(self.ipsec_process, '_execute') as fake_execute:
             self.ipsec_process.ensure_configs()
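Review bot: `test_ensure_configs_on_restart` has no docstring, and the name alone does not say what "restart" stands for; the two patches (`os.path.exists` forced to True, `os.remove` stubbed) only make sense once the reader knows the scenario is a pre-existing root-owned ipsec.secrets left by an earlier run. A one-line docstring under the `def`, such as `"""An existing ipsec.secrets is removed before the configs are rewritten."""`, records that. The test body continues past the end of the hunk.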
@@ -1014,6 +1016,29 @@ class TestLibreSwanProcess(base.BaseTestCase):
                                    self.ipsec_process.etc_dir])]
             fake_execute.assert_has_calls(expected)
             self.assertEqual(3, fake_execute.call_count)
+            self.assertTrue(exists_mock.called)
+            self.assertTrue(remove_mock.called)
+
+    @mock.patch('os.remove')
+    @mock.patch('os.path.exists', return_value=False)
+    def test_ensure_configs(self, exists_mock, remove_mock):
+        openswan_ipsec.OpenSwanProcess.ensure_configs = mock.Mock()
+        with mock.patch.object(self.ipsec_process, '_execute') as fake_execute:
+            self.ipsec_process.ensure_configs()
+            expected = [mock.call(['chown', '--from=%s' % os.getuid(),
+                                   'root:root',
+                                   self.ipsec_process._get_config_filename(
+                                       'ipsec.secrets')]),
+                        mock.call(['ipsec', '_stackmanager', 'start']),
+                        mock.call(['ipsec', 'checknss',
+                                   self.ipsec_process.etc_dir])]
+            fake_execute.assert_has_calls(expected)
+            self.assertEqual(3, fake_execute.call_count)
+            self.assertTrue(exists_mock.called)
+            self.assertFalse(remove_mock.called)
+
+            exists_mock.reset_mock()
+            remove_mock.reset_mock()
         with mock.patch.object(self.ipsec_process, '_execute') as fake_execute:
             fake_execute.side_effect = [None, None, RuntimeError, None]
@@ -1029,6 +1054,8 @@ class TestLibreSwanProcess(base.BaseTestCase):
                                    self.ipsec_process.etc_dir])]
             fake_execute.assert_has_calls(expected)
             self.assertEqual(4, fake_execute.call_count)
+            self.assertTrue(exists_mock.called)
+            self.assertFalse(remove_mock.called)
 class IPsecStrongswanDeviceDriverLegacy(IPSecDeviceLegacy):
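Review bot: `self.assertTrue(remove_mock.called)` at the top of this hunk (and the `exists_mock`/`remove_mock` `.called` checks repeated in the new `test_ensure_configs` and in the next hunk) only proves that something was removed, not that it was the ipsec.secrets file, although deleting exactly that one root-owned file is the whole point of the change; pin the path with `remove_mock.assert_called_once_with(self.ipsec_process._get_config_filename('ipsec.secrets'))` and likewise `exists_mock.assert_called_once_with(...)`. Separately, the new `test_ensure_configs` copies `openswan_ipsec.OpenSwanProcess.ensure_configs = mock.Mock()`, which rebinds the class attribute for the rest of the process without restoring it; `mock.patch.object(openswan_ipsec.OpenSwanProcess, 'ensure_configs')` as a decorator or context manager would scope it to the test. Both test bodies extend beyond this hunk.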