I think I'm running into the same issue, although I'm not using
NetworkManager.

I just installed strongswan and configured a VPN manually in
/etc/ipsec.conf.

I'm getting the following errors when trying to start strongswan
5.3.5-1ubuntu3.1 using systemctl:

Feb 17 14:11:13 skipton systemd[1]: Starting strongSwan IPsec services...
-- Subject: Unit strongswan.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit strongswan.service has begun starting up.
Feb 17 14:11:13 skipton ipsec[7767]: Starting strongSwan 5.3.5 IPsec [starter]...
Feb 17 14:11:13 skipton ipsec_starter[7767]: Starting strongSwan 5.3.5 IPsec [starter]...
Feb 17 14:11:13 skipton systemd[1]: Started strongSwan IPsec services.
-- Subject: Unit strongswan.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit strongswan.service has finished starting up.
-- 
-- The start-up result is done.
Feb 17 14:11:13 skipton charon[7783]: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.5, Linux 4.4.0-31-generic, x
Feb 17 14:11:13 skipton charon[7783]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Feb 17 14:11:13 skipton audit[7783]: AVC apparmor="DENIED" operation="mknod" profile="/usr/lib/ipsec/charon" name="/var/run/charon.ctl" pid=7783 comm="charon" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Feb 17 14:11:13 skipton audit[7783]: AVC apparmor="DENIED" operation="mknod" profile="/usr/lib/ipsec/charon" name="/var/run/charon.pid" pid=7783 comm="charon" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Feb 17 14:11:13 skipton charon[7783]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Feb 17 14:11:13 skipton charon[7783]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Feb 17 14:11:13 skipton charon[7783]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Feb 17 14:11:13 skipton charon[7783]: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Feb 17 14:11:13 skipton charon[7783]: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Feb 17 14:11:13 skipton charon[7783]: 00[NET] binding socket 'unix:///var/run/charon.ctl' failed: Permission denied
Feb 17 14:11:13 skipton charon[7783]: 00[CFG] creating stroke socket failed
Feb 17 14:11:13 skipton charon[7783]: 00[LIB] loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random no
Feb 17 14:11:13 skipton charon[7783]: 00[LIB] dropped capabilities, running as uid 0, gid 0
Feb 17 14:11:13 skipton charon[7783]: 00[JOB] spawning 16 worker threads
Feb 17 14:11:13 skipton kernel: audit: type=1400 audit(1487369473.293:83): apparmor="DENIED" operation="mknod" profile="/usr/lib/ipsec/charon" name="/var/run/charon.ctl" pid=7783 comm="charon" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Feb 17 14:11:13 skipton kernel: audit: type=1400 audit(1487369473.293:84): apparmor="DENIED" operation="mknod" profile="/usr/lib/ipsec/charon" name="/var/run/charon.pid" pid=7783 comm="charon" requested_mask="c" denied_mask="c" fsuid=0 ouid=0

https://bugs.launchpad.net/bugs/1587886

Title:
  strongswan ipsec status issue with apparmor
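
A triage sketch for the AppArmor denials quoted in the report above, added here as an example and not part of the original message or of the strongSwan or Ubuntu code: it parses the DENIED records, collapses the audit[pid] and kernel copies of each event, and prints one profile-syntax line per denied path. The function names are hypothetical, the sample lines are the report's own with the mail line wraps rejoined, and the printed rules are candidates for review, not a confirmed fix.

```python
import re

# Denial records as quoted in the report above, mail line wraps rejoined.
SAMPLE_LOG = '''\
Feb 17 14:11:13 skipton audit[7783]: AVC apparmor="DENIED" operation="mknod" profile="/usr/lib/ipsec/charon" name="/var/run/charon.ctl" pid=7783 comm="charon" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Feb 17 14:11:13 skipton audit[7783]: AVC apparmor="DENIED" operation="mknod" profile="/usr/lib/ipsec/charon" name="/var/run/charon.pid" pid=7783 comm="charon" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Feb 17 14:11:13 skipton charon[7783]: 00[NET] binding socket 'unix:///var/run/charon.ctl' failed: Permission denied
Feb 17 14:11:13 skipton kernel: audit: type=1400 audit(1487369473.293:83): apparmor="DENIED" operation="mknod" profile="/usr/lib/ipsec/charon" name="/var/run/charon.ctl" pid=7783 comm="charon" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Feb 17 14:11:13 skipton kernel: audit: type=1400 audit(1487369473.293:84): apparmor="DENIED" operation="mknod" profile="/usr/lib/ipsec/charon" name="/var/run/charon.pid" pid=7783 comm="charon" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
'''

# key="quoted value" or key=bare_value, as AppArmor audit records are written.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Log masks "c" (create) and "d" (delete) are both covered by "w" in a profile rule.
LOG_TO_RULE = {"c": "w", "d": "w"}

def parse_denials(text):
    """Return one dict of key/value fields per line carrying apparmor="DENIED"."""
    return [{k: quoted or bare for k, quoted, bare in KV.findall(line)}
            for line in text.splitlines() if 'apparmor="DENIED"' in line]

def summarize(denials):
    """Collapse duplicates: the report shows each event as audit[pid] and as kernel: audit."""
    seen = {}
    for d in denials:
        if "name" not in d or "denied_mask" not in d:
            continue  # non-file denial (e.g. a capability); out of scope here
        key = (d["profile"], d.get("operation", ""), d["name"], d.get("pid", ""))
        seen.setdefault(key, set()).update(d["denied_mask"])
    return seen

def candidate_rules(summary):
    """Profile-syntax lines a reviewer could weigh per denied path; not a verified fix."""
    rules = []
    for (profile, _op, name, _pid), masks in summary.items():
        perms = "".join(sorted({LOG_TO_RULE.get(m, m) for m in masks}))
        rules.append((profile, f"{name} {perms},"))
    return rules

if __name__ == "__main__":
    for profile, rule in candidate_rules(summarize(parse_denials(SAMPLE_LOG))):
        print(f"profile {profile}: {rule}")
```
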
