So, I've noticed something else that may be relevant. My work's configuration actually has two DNS servers, which show up like so: installing DNS server 10.10.0.8 via resolvconf installing DNS server 10.10.0.2 via resolvconf However, I saw that there was some probability that it failed after either log message. In addition to that, there is a "leftupdown" script that makes an _additional_ call to resolvconf to setup the DNS search (and tear it down afterwards). I also (sometimes) locks up at these times, so I disabled that script and noticed more successful runs.
So, suspecting that the problem was with resolvconf I downgraded it to 1.79ubuntu8. That didn't do the trick, but these days resolvconf is managed by systemd - so I then downgraded systemd to 234-2ubuntu12.1 (except for a conflict with netplan.io, which I ignored). That "worked" in an interesting way, now it reliably connects and finishes - but sometimes it takes about 10 seconds to complete each resolvconf transaction. Based on this, I suspect that the issue is actually somehow in calling resolvconf (if I call resolvconf in a terminal then I don't see a lockup). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1786261 Title: strongswan ipsec fails to finish connection (hangs after installing DNS server via resolvconf) To manage notifications about this bug go to: https://bugs.launchpad.net/strongswan/+bug/1786261/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs