Comment 7 for bug 1878887

Tobias Brunner (tobias-strongswan) wrote : Re: No EAP-PEAP support anymore

@Christian Re: rm_conffile, I don't think this is a config file issue (or is this command also used to remove shared libs/plugins? If so, then definitely make sure to remove old plugins). The config snippets in strongswan.d/charon are actually not relevant for charon-nm by default (charon-nm uses its own list of plugins, which is hard-coded during compilation to avoid clashes with e.g. different approaches to installing DNS servers - plugins can be disabled, though, by simply adding a plugin-specific load=no setting). If the server supports EAP-TTLS and that plugin is loaded by charon-nm, this should work on fresh and upgraded installs, by default, as the "new" charon-nm would not make any attempt to load the eap-peap plugin even if the shared library was still around. So if we assume the config snippet and plugin files were not removed during the upgrade, then the first part of Alex' workaround causes a problem (only due to the include would an attempt to load the eap-peap plugin be made) that the second part of it then "fixes". Removing all of that from strongswan.conf completely should achieve the same thing (and even load fewer potentially conflicting plugins).

@Lucas The EAP-SIM/AKA plugins are probably not that useful on general purpose distros. They require a special server setup and client hardware (some plugins allow configuration via files/database, but those are mostly for test purposes). The xauth-noauth plugin was a workaround for an issue with iOS clients; in the seven years since it was introduced, Apple clients gained support for IKEv2, so that plugin is not of much use anymore.