On Wed, 6 Oct 2021 at 17:24, Simon Deziel <si...@sdeziel.info> wrote:
> On 2021-10-06 12:22 p.m., Simon Deziel wrote:
> > On 2021-10-06 12:08 p.m., Philip Veale wrote:
> >> Oct 6 16:43:55 VPN-Server charon: 00[LIB] opening
> >> '/etc/letsencrypt/live/vpn.my-hostname/privkey.pem' failed: Permission
> >> denied
> >>
> >> Debian Stretch didn't have AppArmor but it's been enabled by default in
> >> Debian since Buster. So yeah, the dist-upgrade kinda broke things.
> >>
> >> Thanks to Simon Deziel in this old thread from years ago;
> >> https://lists.strongswan.org/pipermail/users/2017-February/010537.html
> >>
> >>
> >> I've not quite yet figured out how I want to fix it (there are a few
> >> options) but at least I know why it does not work.
> >
> >
> > At first glance, I'd add "#include <abstractions/ssl_keys>" to charon's
> > profile. Would you mind testing this for me (as root):
>
> Oops, here's the corrected version:
>
> cat << EOF >> /etc/apparmor.d/local/usr.lib.ipsec.charon
> #include <abstractions/ssl_keys>
> EOF
> apparmor_parser -rTW /etc/apparmor.d/usr.lib.ipsec.charon
> systemctl restart strongswan-starter

I added it using vim instead but yes, that's worked perfectly, thank you.
System is now fully operational :)
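
One way to confirm from the kernel log that a "Permission denied" like the one above comes from AppArmor, and to check the local override afterwards. This is an added example, not part of the original messages: the audit lines are constructed, and the profile name `/usr/lib/ipsec/charon`, the `archive/` key path and the second daemon are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Sample lines are constructed; the
# profile name and the archive/ key path are assumptions.

# AppArmor logs the symlink-resolved path, so a key opened through live/
# is reported under its real location.
sample_log() {
cat <<'EOF'
Oct  6 16:43:55 VPN-Server kernel: audit: type=1400 audit(1633538635.101:41): apparmor="DENIED" operation="open" profile="/usr/lib/ipsec/charon" name="/etc/letsencrypt/archive/vpn.my-hostname/privkey1.pem" pid=812 comm="charon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Oct  6 16:44:02 VPN-Server kernel: audit: type=1400 audit(1633538642.330:42): apparmor="DENIED" operation="open" profile="/usr/lib/ipsec/charon" name="/etc/letsencrypt/archive/vpn.my-hostname/privkey1.pem" pid=845 comm="charon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Oct  6 16:44:10 VPN-Server kernel: audit: type=1400 audit(1633538650.007:43): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/ipsec/charon" pid=901 comm="apparmor_parser"
Oct  6 16:44:12 VPN-Server kernel: audit: type=1400 audit(1633538652.512:44): apparmor="DENIED" operation="open" profile="/usr/sbin/example-daemon" name="/etc/example/secret.key" pid=933 comm="example-daemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
EOF
}

# Read audit lines on stdin; print "count denied_mask path" for one profile.
apparmor_denials() {
    grep -F 'apparmor="DENIED"' |
        grep -F "profile=\"$1\"" |
        sed -n 's/.* name="\([^"]*\)".* denied_mask="\([^"]*\)".*/\2 \1/p' |
        sort | uniq -c | sed 's/^ *//'
}

# Succeed if FILE pulls in abstractions/NAME ("#include" or "include" form).
has_abstraction() {
    grep -Eq "^[[:space:]]*#?include[[:space:]]+<abstractions/$2>" "$1"
}

# Summarise the denials charon hit in the sample log.
sample_log | apparmor_denials /usr/lib/ipsec/charon

# Check the override file named in the thread, if this host has one.
local_file=/etc/apparmor.d/local/usr.lib.ipsec.charon
if [ -r "$local_file" ] && has_abstraction "$local_file" ssl_keys; then
    echo "ssl_keys abstraction present in $local_file"
else
    echo "ssl_keys abstraction not found in $local_file"
fi
```

On a live system, feed `apparmor_denials` from `journalctl -k` or `dmesg` instead of `sample_log`.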