I did as you said and restarted AppArmor, but for me the result is the same.
The connection is established, but no traffic goes through.
root@vsrv-bicab-2u:/home/VPN# cat /etc/apparmor.d/usr.lib.ipsec.charon
# ------------------------------------------------------------------
#
# Copyright (C) 2016 Canonical Ltd.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# Author: Jonathan Davies <email address hidden>
# Ryan Harper <email address hidden>
#
# ------------------------------------------------------------------
Hi Christian,
I did as you said and restarted AppArmor, but for me the result is the same.
The connection is established, but no traffic goes through.
root@vsrv-bicab-2u:/home/VPN# cat /etc/apparmor.d/usr.lib.ipsec.charon
# ------------------------------------------------------------------
#
# Copyright (C) 2016 Canonical Ltd.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# Author: Jonathan Davies <email address hidden>
# Ryan Harper <email address hidden>
#
# ------------------------------------------------------------------
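#include <tunables/global>

# NOTE(review): this listing was reconstructed from an extraction-mangled
# paste. Path fragments were rejoined with the rule they belong to; no rule
# was added, removed or changed.
#
# NOTE(review): the audit lines quoted in this report show charon denied
# unlink ("d") on /etc/resolv.conf and write/create ("wc") on
# /run/systemd/resolve/stub-resolv.conf. No rule below names either path;
# what the included abstractions grant is not visible here. If charon is
# meant to install DNS servers, grant only those exact paths (preferably in
# the local/ include at the end) rather than relaxing the whole profile.
/usr/lib/ipsec/charon flags=(attach_disconnected) {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/authentication>
  #include <abstractions/openssl>
  #include <abstractions/p11-kit>

  capability ipc_lock,
  capability net_admin,
  capability net_raw,

  # allow priv dropping (LP: #1333655)
  capability chown,
  capability setgid,
  capability setuid,

  # libcharon-extra-plugins: xauth-pam
  capability audit_write,

  # libstrongswan-standard-plugins: agent
  # NOTE(review): dac_override lets the process bypass file permission
  # checks, so the file rules below are the only path restriction left.
  capability dac_override,

  # NOTE(review): net_admin and net_raw repeat the grants above; redundant
  # but harmless.
  capability net_admin,
  capability net_raw,

  # NOTE(review): the bare "network," rule already allows every address
  # family and socket type, so "network raw," adds nothing.
  network,
  network raw,

  # NOTE(review): PUx runs /bin/dash under its own profile if one is loaded
  # and otherwise unconfined (environment scrubbed). Anything charon starts
  # through dash is then outside this profile's restrictions.
  /bin/dash rmPUx,

  # libcharon-extra-plugins: kernel-libipsec
  /dev/net/tun rw,

  /etc/ipsec.conf r,
  /etc/ipsec.secrets r,
  /etc/ipsec.*.secrets r,
  /etc/ipsec.d/ r,
  /etc/ipsec.d/** r,
  /etc/ipsec.d/crls/* rw,
  /etc/opensc/opensc.conf r,
  /etc/strongswan.conf r,
  /etc/strongswan.d/ r,
  /etc/strongswan.d/** r,
  /etc/tnc_config r,

  /proc/sys/net/core/xfrm_acq_expires w,

  /run/charon.* rw,
  /run/pcscd/pcscd.comm rw,

  /usr/lib/ipsec/charon rmix,
  /usr/lib/ipsec/imcvs/ r,
  /usr/lib/ipsec/imcvs/** rm,

  /usr/lib/*/opensc-pkcs11.so rm,

  /var/lib/strongswan/* r,

  @{PROC}/@{pid}/fd/ r,

  # Site-specific additions and overrides. See local/README for details.
  #include <local/usr.lib.ipsec.charon>
}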
root@vsrv-bicab-2u:/home/VPN# date
Thu Sep 27 15:28:13 UTC 2018
Sep 27 15:28:46 vsrv-bicab-2u charon: 12[IKE] IKE_SA l2tp-ikev2-rw-ah[1] established between 192.168.231.2[C=DE, O=KDLabs, CN=vpnclientAHL2TP@kdlabs]...192.168.231.1[192.168.231.1]
Sep 27 15:28:46 vsrv-bicab-2u charon: 12[IKE] scheduling reauthentication in 9729s
Sep 27 15:28:46 vsrv-bicab-2u charon: 12[IKE] maximum IKE_SA lifetime 10269s
Sep 27 15:28:46 vsrv-bicab-2u charon: 12[IKE] adding DNS server failed
Sep 27 15:28:46 vsrv-bicab-2u charon: 12[IKE] adding DNS server failed
Sep 27 15:28:46 vsrv-bicab-2u charon: 12[CFG] handling INTERNAL_IP4_DNS attribute failed
Sep 27 15:28:46 vsrv-bicab-2u kernel: [10627.234397] audit: type=1400 audit(1538062126.282:80): apparmor="DENIED" operation="unlink" profile="/usr/lib/ipsec/charon" name="/etc/resolv.conf" pid=4190 comm="charon" requested_mask="d" denied_mask="d" fsuid=0 ouid=0
Sep 27 15:28:46 vsrv-bicab-2u kernel: [10627.234408] audit: type=1400 audit(1538062126.282:81): apparmor="DENIED" operation="open" profile="/usr/lib/ipsec/charon" name="/run/systemd/resolve/stub-resolv.conf" pid=4190 comm="charon" requested_mask="wc" denied_mask="wc" fsuid=0 ouid=101
Sep 27 15:28:46 vsrv-bicab-2u kernel: [10627.234519] audit: type=1400 audit(1538062126.282:82): apparmor="DENIED" operation="unlink" profile="/usr/lib/ipsec/charon" name="/etc/resolv.conf" pid=4190 comm="charon" requested_mask="d" denied_mask="d" fsuid=0 ouid=0
Sep 27 15:28:46 vsrv-bicab-2u kernel: [10627.234546] audit: type=1400 audit(1538062126.282:83): apparmor="DENIED" operation="open" profile="/usr/lib/ipsec/charon" name="/run/systemd/resolve/stub-resolv.conf" pid=4190 comm="charon" requested_mask="wc" denied_mask="wc" fsuid=0 ouid=101
Sep 27 15:28:46 vsrv-bicab-2u charon: 12[IKE] installing new virtual IP 192.168.219.5
Sep 27 15:28:46 vsrv-bicab-2u charon: 12[IKE] CHILD_SA l2tp-ikev2-rw-ah{1} established with SPIs c0607158_i c0806fbc_o and TS 192.168.219.4/30 === 192.168.219.0/30
Sep 27 15:28:46 vsrv-bicab-2u charon: 12[IKE] received AUTH_LIFETIME of 10160s, scheduling reauthentication in 9620s