[Expired for strongswan (Ubuntu) because there has been no activity for
60 days.]
** Changed in: strongswan (Ubuntu)
Status: Incomplete => Expired
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/
Hi Philipp,
Thank you for taking the time to file a bug report.
I was not able to reproduce the issue reported by you using the default
configuration provided by the packages. Could you please provide your
configuration files? They should live in:
- /etc/strongswan.d/
- /etc/swanctl/
- /etc/stro
That file is not relevant for swanctl (unless it was manually included,
check the main strongswan.conf file). Check the output of `swanctl
--help` (lists the plugins) and use strace to see when exactly that
access happens.
--
# grep -R kernel-libipsec /etc/strongswan.* /etc/swanctl/
/etc/strongswan.d/charon/kernel-libipsec.conf:kernel-libipsec {
The whole file /etc/strongswan.d/charon/kernel-libipsec.conf:
kernel-libipsec {
load = no
}
Anything else that I could check?
--
There are only three components in strongSwan that open TUN devices,
charon-xpc (on macOS), the kernel-pfroute plugin (also not on Linux but
macOS and *BSD) and kernel-libipsec, as pointed out by Simon. However,
swanctl has no business loading kernel plugins (it doesn't by default),
as it is no IKE
If the libipsec plugin is not loaded then I cannot explain why it would
try to use /dev/net/tun so it's hard to make a case of extending the
profile.
--
No, I'm not running kernel-libipsec.
My configured ipsec connections work despite the apparmor deny action.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1875504
Title:
apparmor="DENIED" operation=
I suspect you are using kernel-libipsec, which would explain why you are
running into this, right? Could you please try the following:
cat << EOF | sudo tee -a /etc/apparmor.d/local/usr.sbin.swanctl
# libcharon-extra-plugins: kernel-libipsec
/dev/net/tun rw,
EOF
sudo apparmor_parser -r