latest strongswan update is broken in 18.10

If installing the package doesn't restore ipsec.conf, then it's because it was removed outside the package's control, usually.

Could you check /var/log/apt/history.log to backtrack the packages you installed and upgrade to see if there is a clear way to reproduce this problem?

That being said, these error messages are intriguing:
modified.conffile..etc.ipsec.conf: [inaccessible: [Errno 13] Permission denied: '/etc/ipsec.conf']
modified.conffile..etc.ipsec.secrets: [inaccessible: [Errno 13] Permission denied: '/etc/ipsec.secrets']

That means at least at the time the bug was reported, the file existed.

I checked /var/log/apt/history.log and /var/log/apt/history.log.1.gz and only found references to when I tried to reinstall strongswan-starter_5.6.3-1ubuntu4.1_amd64.deb on Jan 13. I had tried Synaptic, and the .deb file downloaded from packages.ubuntu.com. Neither reinstalled the missing /etc/ipsec.conf file.

As far as I know strongswan/ipsec was running fine, as I monitor syslog closely. And it wasn't until the current updates that I saw it was broken. If /etc/ipsec.conf WAS missing, wouldn't a reinstall replace the missing file?

I missed the permissions messages. After manually restoring /etc/ipsec.conf from the .deb file, I set the permissions to 600, similar to the existing /etc/ipsec.secrets. I guess that must be wrong. I just changed them both to 644, similar to other files in /etc/ipsec.d.

If you need more information, please feel free to ask.

I forgot to mention... when I submitted the bug report, I had already manually restored /etc/ipsec.conf, so that's why it found that file.

Restoring config files from debs is not straightforward. We won't now know what removed it, but, for example, if a mistake happened and for some reason "rm -f /etc/ipsec.conf" was run, special flags have to be given to dpkg to restore a missing config.

Since you restored it already, there is nothing else to do here, but for future reference, this could help: https://askubuntu.com/questions/66533/how-can-i-restore-configuration-files

Why wouldn't reinstalling a package restore a .conf file, when the file is clearly in the .deb package, or when done via Synaptic?

I hadn't touched or deleted /etc/ipsec.conf. I only discovered the problem after strongswan updates were performed, and I noticed errors in my daily logwatch report.

Thanks for the link. But... boy are those methods complicated!

The problem comes when a file's existence or non-existence affects how a package behaves (such as /etc/defense-package/autorun/launch_nuclear_missiles). If the user removes such a file to control package behavior, and then an update re-adds the files, it would change the package behavior in a way the user doesn't want, each and every time the package gets a security update.

So, since we can't know if the file removal was intentional or not, debian packaging errs on the side of caution, and doesn't re-add the file.

In this particular case, of course, a missing conf file breaks the whole thing, but debian packaging doesn't have the level of sophistication to know the difference.

As to what actually caused the conf file to go missing in your case, there are unfortunately no logs or traces to help track down what actually happened, so unless it happens again in future and we can get more info, we don't really have a way to find a solution :/

[Expired for strongswan (Ubuntu) because there has been no activity for 60 days.]