Comment 42 for bug 1587886

Jethro Beekman (jethrogb) wrote :

I think I'm running into the same issue, although I'm not using NetworkManager.

I just installed strongswan and configured a VPN manually in /etc/ipsec.conf.

I'm getting the following errors when trying to start strongswan 5.3.5-1ubuntu3.1 using systemctl:

Feb 17 14:11:13 skipton systemd[1]: Starting strongSwan IPsec services...
-- Subject: Unit strongswan.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit strongswan.service has begun starting up.
Feb 17 14:11:13 skipton ipsec[7767]: Starting strongSwan 5.3.5 IPsec [starter]...
Feb 17 14:11:13 skipton ipsec_starter[7767]: Starting strongSwan 5.3.5 IPsec [starter]...
Feb 17 14:11:13 skipton systemd[1]: Started strongSwan IPsec services.
-- Subject: Unit strongswan.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit strongswan.service has finished starting up.
--
-- The start-up result is done.
Feb 17 14:11:13 skipton charon[7783]: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.5, Linux 4.4.0-31-generic, x
Feb 17 14:11:13 skipton charon[7783]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Feb 17 14:11:13 skipton audit[7783]: AVC apparmor="DENIED" operation="mknod" profile="/usr/lib/ipsec/charon" name="/var/run/charon.ctl" pid=7783 comm="charon" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Feb 17 14:11:13 skipton audit[7783]: AVC apparmor="DENIED" operation="mknod" profile="/usr/lib/ipsec/charon" name="/var/run/charon.pid" pid=7783 comm="charon" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Feb 17 14:11:13 skipton charon[7783]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Feb 17 14:11:13 skipton charon[7783]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Feb 17 14:11:13 skipton charon[7783]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Feb 17 14:11:13 skipton charon[7783]: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Feb 17 14:11:13 skipton charon[7783]: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Feb 17 14:11:13 skipton charon[7783]: 00[NET] binding socket 'unix:///var/run/charon.ctl' failed: Permission denied
Feb 17 14:11:13 skipton charon[7783]: 00[CFG] creating stroke socket failed
Feb 17 14:11:13 skipton charon[7783]: 00[LIB] loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random no
Feb 17 14:11:13 skipton charon[7783]: 00[LIB] dropped capabilities, running as uid 0, gid 0
Feb 17 14:11:13 skipton charon[7783]: 00[JOB] spawning 16 worker threads
Feb 17 14:11:13 skipton kernel: audit: type=1400 audit(1487369473.293:83): apparmor="DENIED" operation="mknod" profile="/usr/lib/ipsec/charon" name="/var/run/charon.ctl" pid=7783 comm="charon" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Feb 17 14:11:13 skipton kernel: audit: type=1400 audit(1487369473.293:84): apparmor="DENIED" operation="mknod" profile="/usr/lib/ipsec/charon" name="/var/run/charon.pid" pid=7783 comm="charon" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
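
Added example, not part of the original comment or of any strongSwan or AppArmor tooling: a Python triage script that merges the duplicated audit[pid] and kernel copies of each AppArmor denial in a journal excerpt and pairs every denied path with the daemon errors that mention it. The function names parse_denials and correlate are hypothetical, and the sample input is five lines taken from the log above.

```python
import re

# Sample input: five lines taken from the journal output quoted above.
SAMPLE = """\
Feb 17 14:11:13 skipton audit[7783]: AVC apparmor="DENIED" operation="mknod" profile="/usr/lib/ipsec/charon" name="/var/run/charon.ctl" pid=7783 comm="charon" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Feb 17 14:11:13 skipton audit[7783]: AVC apparmor="DENIED" operation="mknod" profile="/usr/lib/ipsec/charon" name="/var/run/charon.pid" pid=7783 comm="charon" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Feb 17 14:11:13 skipton charon[7783]: 00[NET] binding socket 'unix:///var/run/charon.ctl' failed: Permission denied
Feb 17 14:11:13 skipton kernel: audit: type=1400 audit(1487369473.293:83): apparmor="DENIED" operation="mknod" profile="/usr/lib/ipsec/charon" name="/var/run/charon.ctl" pid=7783 comm="charon" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Feb 17 14:11:13 skipton kernel: audit: type=1400 audit(1487369473.293:84): apparmor="DENIED" operation="mknod" profile="/usr/lib/ipsec/charon" name="/var/run/charon.pid" pid=7783 comm="charon" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
"""

# key=value pairs of an audit record; values are either quoted or bare.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Letters AppArmor uses in requested_mask/denied_mask for file access.
MASK = {"r": "read", "w": "write", "a": "append", "c": "create", "d": "delete",
        "x": "execute", "m": "mmap-exec", "k": "lock", "l": "link"}

def parse_denials(text):
    """Unique AppArmor denials; the audit[pid] and kernel copies of one event merge."""
    seen = {}
    for line in text.splitlines():
        if 'apparmor="DENIED"' not in line:
            continue
        f = {k: q or u for k, q, u in KV.findall(line)}
        key = (f.get("profile"), f.get("operation"), f.get("name"),
               f.get("pid"), f.get("denied_mask"))
        seen.setdefault(key, f)  # keep the first copy, drop the repeat
    return list(seen.values())

def correlate(text):
    """Pair each denied path with the non-audit lines that mention the same path."""
    other = [l for l in text.splitlines() if 'apparmor="DENIED"' not in l]
    report = []
    for d in parse_denials(text):
        name = d.get("name")  # absent for non-file denials such as capabilities
        related = [l.split(": ", 1)[-1] for l in other if name and name in l]
        report.append({"profile": d.get("profile"), "path": name,
                       "operation": d.get("operation"),
                       "access": [MASK.get(c, c) for c in d.get("denied_mask", "")],
                       "related": related})
    return report

if __name__ == "__main__":
    for row in correlate(SAMPLE):
        print(row)
```

On the sample it reports two distinct denials under the /usr/lib/ipsec/charon profile and ties the charon.ctl one to the failed socket bind.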