I think I'm running into the same issue, although I'm not using NetworkManager.
I just installed strongswan and configured a VPN manually in /etc/ipsec.conf I'm getting the following errors when trying to start strongswan 5.3.5-1ubuntu3.1 using systemctl: Feb 17 14:11:13 skipton systemd[1]: Starting strongSwan IPsec services... -- Subject: Unit strongswan.service has begun start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit strongswan.service has begun starting up. Feb 17 14:11:13 skipton ipsec[7767]: Starting strongSwan 5.3.5 IPsec [starter]... Feb 17 14:11:13 skipton ipsec_starter[7767]: Starting strongSwan 5.3.5 IPsec [starter]... Feb 17 14:11:13 skipton systemd[1]: Started strongSwan IPsec services. -- Subject: Unit strongswan.service has finished start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit strongswan.service has finished starting up. -- -- The start-up result is done. Feb 17 14:11:13 skipton charon[7783]: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.5, Linux 4.4.0-31-generic, x Feb 17 14:11:13 skipton charon[7783]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts' Feb 17 14:11:13 skipton audit[7783]: AVC apparmor="DENIED" operation="mknod" profile="/usr/lib/ipsec/charon" name="/var/run/charon.ctl" pid=7783 comm="charon" requested_mask="c" denied_mask="c" fsuid=0 ouid=0 Feb 17 14:11:13 skipton audit[7783]: AVC apparmor="DENIED" operation="mknod" profile="/usr/lib/ipsec/charon" name="/var/run/charon.pid" pid=7783 comm="charon" requested_mask="c" denied_mask="c" fsuid=0 ouid=0 Feb 17 14:11:13 skipton charon[7783]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts' Feb 17 14:11:13 skipton charon[7783]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts' Feb 17 14:11:13 skipton charon[7783]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts' Feb 17 14:11:13 skipton charon[7783]: 00[CFG] loading crls from '/etc/ipsec.d/crls' Feb 17 14:11:13 skipton charon[7783]: 00[CFG] loading secrets from '/etc/ipsec.secrets' Feb 17 14:11:13 skipton charon[7783]: 00[NET] binding socket 'unix:///var/run/charon.ctl' failed: Permission denied Feb 17 14:11:13 skipton charon[7783]: 00[CFG] creating stroke socket failed Feb 17 14:11:13 skipton charon[7783]: 00[LIB] loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random no Feb 17 14:11:13 skipton charon[7783]: 00[LIB] dropped capabilities, running as uid 0, gid 0 Feb 17 14:11:13 skipton charon[7783]: 00[JOB] spawning 16 worker threads Feb 17 14:11:13 skipton kernel: audit: type=1400 audit(1487369473.293:83): apparmor="DENIED" operation="mknod" profile="/usr/lib/ipsec/charon" name="/var/run/charon.ctl" pid=7783 comm="charon" requested_mask="c" denied_mask="c" fsuid=0 ouid=0 Feb 17 14:11:13 skipton kernel: audit: type=1400 audit(1487369473.293:84): apparmor="DENIED" operation="mknod" profile="/usr/lib/ipsec/charon" name="/var/run/charon.pid" pid=7783 comm="charon" requested_mask="c" denied_mask="c" fsuid=0 ouid=0 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1587886 Title: strongswan ipsec status issue with apparmor To manage notifications about this bug go to: https://bugs.launchpad.net/hundredpapercuts/+bug/1587886/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
