Hello Simon, No, I do not have encrypted certs and StrongSwan works well as a service without user interaction:
# sudo ipsec start --nofork Starting strongSwan 5.1.2 IPsec [starter]... 00[DMN] Starting IKE charon daemon (strongSwan 5.1.2, Linux 3.13.0-48-generic, x86_64) 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts' 00[CFG] loaded ca certificate "C=US, O=ShareG.co, OU=VPN Dept, CN=ca-root.shareg.co, E=ad...@shareg.co" from '/etc/ipsec.d/cacerts/cacert.pem' 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts' 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts' 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts' 00[CFG] loading crls from '/etc/ipsec.d/crls' 00[CFG] loading secrets from '/etc/ipsec.secrets' 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/vpn.shareg.co.pem' 00[CFG] loaded IKE secret for vpn.shareg.co 00[LIB] loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 rdrand random nonce x509 revocation constraints pkcs1 pkcs7 pkcs8 pkcs12 pem openssl xcbc cmac hmac ctr ccm gcm attr kernel-netlink resolve socket-default stroke updown eap-identity eap-mschapv2 eap-radius xauth-eap addrblock ... OR # sudo service strongswan start && sudo tail /var/log/syslog Feb 24 22:20:56 vpn-01 charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.1.2, Linux 3.13.0-48-generic, x86_64) Feb 24 22:20:56 vpn-01 charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts' Feb 24 22:20:56 vpn-01 charon: 00[CFG] loaded ca certificate "C=US, O=ShareG.co, OU=VPN Dept, CN=ca-root.shareg.co, E=ad...@shareg.co" from '/etc/ipsec.d/cacerts/cacert.pem' Feb 24 22:20:56 vpn-01 charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts' Feb 24 22:20:56 vpn-01 charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts' Feb 24 22:20:56 vpn-01 charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts' Feb 24 22:20:56 vpn-01 charon: 00[CFG] loading crls from '/etc/ipsec.d/crls' Feb 24 22:20:56 vpn-01 charon: 00[CFG] loading secrets from '/etc/ipsec.secrets' Feb 24 22:20:56 vpn-01 charon: 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/vpn.shareg.co.pem' Feb 24 22:20:56 vpn-01 charon: 00[CFG] loaded IKE secret for vpn.shareg.co Feb 24 22:20:56 vpn-01 charon: 00[LIB] loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 rdrand random nonce x509 revocation constraints pkcs1 pkcs7 pkcs8 pkcs12 pem openssl xcbc cmac hmac ctr ccm gcm attr kernel-netlink resolve socket-default stroke updown eap-identity eap-mschapv2 eap-radius xauth-eap addrblock ... -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to strongswan in Ubuntu. https://bugs.launchpad.net/bugs/1549436 Title: AppArmor kills StronSwan daemon 'charon' To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1549436/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
