I can confirm NetworkManager-l2tp is working fine with the following yakkety-proposed packages:
strongswan_5.3.5-1ubuntu4.1_all
strongswan-charon_5.3.5-1ubuntu4.1_amd64
strongswan-libcharon_5.3.5-1ubuntu4.1_amd64
strongswan-starter_5.3.5-1ubuntu4.1_amd64
libstrongswan_5.3.5-1ubuntu4.1_amd64
libstrongswan-standard-plugins_5.3.5-1ubuntu4.1_amd64
The only strongswan AppArmor-related messages I see are just status messages, which are fine:
Feb 18 11:50:32 ubuntu audit[506]: AVC apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/ipsec/charon" pid=506 comm="apparmor_parser"
Feb 18 11:50:32 ubuntu audit[507]: AVC apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/ipsec/stroke" pid=507 comm="apparmor_parser"
Having said that, on Yakkety Yak with the stock strongswan_5.3.5-1ubuntu4 packages, (unlike Xenial Xerus) I'm able to establish a VPN connection with NetworkManager-l2tp even though I see lots of the following AppArmor denied messages:
Feb 18 11:43:33 ubuntu audit[4002]: AVC apparmor="DENIED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="/usr/lib/ipsec/charon" name="run/systemd/journal/dev-log" pid=4002 comm="charon" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
But I think strongswan 5.3.5-1ubuntu4.1 is definitely worthwhile to get rid of those AppArmor denied messages.
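One way to check a journal capture for the distinction drawn in the comment above, informational STATUS profile loads versus DENIED events under the strongSwan profiles. This is an added example, not part of the original comment or of any Ubuntu tooling; the function names are hypothetical and the sample input is built from the audit lines quoted above.

```python
import re
from collections import Counter

# Constructed sample input: the audit lines quoted in the comment above.
SAMPLE = """\
Feb 18 11:50:32 ubuntu audit[506]: AVC apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/ipsec/charon" pid=506 comm="apparmor_parser"
Feb 18 11:50:32 ubuntu audit[507]: AVC apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/ipsec/stroke" pid=507 comm="apparmor_parser"
Feb 18 11:43:33 ubuntu audit[4002]: AVC apparmor="DENIED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="/usr/lib/ipsec/charon" name="run/systemd/journal/dev-log" pid=4002 comm="charon" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
"""

# key=value pairs; values are either double-quoted (may contain spaces) or bare.
FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_avc(line):
    """Return the key=value fields of an AppArmor AVC line, or None."""
    _, sep, rest = line.partition(" AVC ")
    if not sep or "apparmor=" not in rest:
        return None
    return {key: value.strip('"') for key, value in FIELD.findall(rest)}


def summarize(log_text, profile_prefix="/usr/lib/ipsec/"):
    """Count STATUS events and group DENIED events for strongSwan profiles."""
    status = 0
    denied = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        kind = rec.get("apparmor")
        # STATUS lines carry the loaded profile in name=, DENIED lines in profile=.
        if kind == "STATUS" and rec.get("name", "").startswith(profile_prefix):
            status += 1
        elif kind == "DENIED" and rec.get("profile", "").startswith(profile_prefix):
            key = (rec["profile"], rec.get("operation"),
                   rec.get("name"), rec.get("denied_mask"))
            denied[key] += 1
    return status, denied


if __name__ == "__main__":
    status_count, denials = summarize(SAMPLE)
    print(f"{status_count} STATUS events (informational)")
    for (profile, op, name, mask), count in denials.most_common():
        print(f"{count}x DENIED {profile}: {op} {name} mask={mask}")
```
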