it looks like strongswan is faking a nat situation if the kernel-libipsec is used, so there are only problems with transport & beet mode ..
btw: did you get this audit entries too? # grep audit /var/log/syslog Feb 16 07:56:31 kvm-xenial kernel: [240771.376037] audit: type=1400 audit(1455605791.501:866): apparmor="DENIED" operation="open" profile="/usr/lib/ipsec/charon" name="/proc/31139/fd/" pid=31139 comm="charon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Feb 16 08:20:30 kvm-xenial kernel: [242210.398331] audit: type=1400 audit(1455607230.525:867): apparmor="DENIED" operation="open" profile="/usr/lib/ipsec/charon" name="/proc/31165/fd/" pid=31165 comm="charon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Feb 16 08:37:04 kvm-xenial kernel: [243204.311072] audit: type=1400 audit(1455608224.480:868): apparmor="DENIED" operation="open" profile="/usr/lib/ipsec/charon" name="/proc/31720/fd/" pid=31720 comm="charon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Feb 16 08:41:09 kvm-xenial kernel: [243449.474502] audit: type=1400 audit(1455608469.642:869): apparmor="DENIED" operation="open" profile="/usr/lib/ipsec/charon" name="/proc/31743/fd/" pid=31743 comm="charon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Feb 16 08:41:30 kvm-xenial kernel: [243470.304749] audit: type=1400 audit(1455608490.474:870): apparmor="DENIED" operation="open" profile="/usr/lib/ipsec/charon" name="/proc/31836/fd/" pid=31836 comm="charon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1535951 Title: Please merge strongswan 5.3.5-1 (main) from Debian unstable (main) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1535951/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
