I can confirm NetworkManager-l2tp is working fine with the following yakkety-proposed packages: strongswan_5.3.5-1ubuntu4.1_all strongswan-charon_5.3.5-1ubuntu4.1_amd64 strongswan-libcharon_5.3.5-1ubuntu4.1_amd64 strongswan-starter_5.3.5-1ubuntu4.1_amd64 libstrongswan_5.3.5-1ubuntu4.1_amd64 libstrongswan-standard-plugins_5.3.5-1ubuntu4.1_amd64
Only strongswan AppArmor related messages I see are just status messages which are fine : Feb 18 11:50:32 ubuntu audit[506]: AVC apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/ipsec/charon" pid=506 comm="apparmor_parser" Feb 18 11:50:32 ubuntu audit[507]: AVC apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/ipsec/stroke" pid=507 comm="apparmor_parser" Having said that, on Yakkety Yak with the stock strongswan_5.3.5-1ubuntu4 packages, (unlike Xenial Xerus) I'm able to establish a VPN connection with NetworkManager-l2tp even though I see lots of the following AppArmor denied messages : Feb 18 11:43:33 ubuntu audit[4002]: AVC apparmor="DENIED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="/usr/lib/ipsec/charon" name="run/systemd/journal/dev- log" pid=4002 comm="charon" requested_mask="w" denied_mask="w" fsuid=0 ouid=0 But I think strongswan 5.3.5-1ubuntu4.1 is definitely worthwhile to get rid of those AppArmor denied messages. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1587886 Title: strongswan ipsec status issue with apparmor To manage notifications about this bug go to: https://bugs.launchpad.net/hundredpapercuts/+bug/1587886/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs