On 2021-10-06 2:27 p.m., Philip Veale wrote:
On Wed, 6 Oct 2021 at 17:24, Simon Deziel <si...@sdeziel.info> wrote:

On 2021-10-06 12:22 p.m., Simon Deziel wrote:
On 2021-10-06 12:08 p.m., Philip Veale wrote:
Oct  6 16:43:55 VPN-Server charon: 00[LIB]   opening
'/etc/letsencrypt/live/vpn.my-hostname/privkey.pem' failed: Permission
denied

Debian Stretch didn't have AppArmor but it's been enabled by default in
Debian since Buster. So yeah, the dist-upgrade kinda broke things.

Thanks to Simon Deziel in this old thread from years ago;
https://lists.strongswan.org/pipermail/users/2017-February/010537.html


I've not quite yet figured out how I want to fix it (there are a few
options) but at least I know why it does not work.


At first glance, I'd add "#include <abstractions/ssl_keys>" to charon's
profile. Would you mind testing this for me (as root):

Oops, here's the corrected version:

cat << EOF >> /etc/apparmor.d/local/usr.lib.ipsec.charon
#include <abstractions/ssl_keys>
EOF
apparmor_parser -rTW /etc/apparmor.d/usr.lib.ipsec.charon
systemctl restart strongswan-starter



I added it using vim instead but Yes, that's worked perfectly, thank you.
System is now fully operational :)

Thanks for testing and reporting back, I'll submit a PR to Debian soon.

Regards,
Simon
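
Added example, not part of the original thread: a shell helper that checks whether a "Permission denied" like the one in the charon log comes from AppArmor, by listing the paths a given profile was refused in kernel audit lines. The profile name /usr/lib/ipsec/charon (inferred from the profile file name in the thread), the function names and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list files an AppArmor profile was denied, from audit lines on stdin.
# On a live system (assumption: denials reach the kernel log):
#   journalctl -k | apparmor_denied_paths /usr/lib/ipsec/charon

apparmor_denied_paths() {
    # $1 = profile name exactly as it appears in profile="..."
    profile=$1
    grep 'apparmor="DENIED"' \
      | grep -F "profile=\"$profile\"" \
      | sed -n 's/.* name="\([^"]*\)".* denied_mask="\([^"]*\)".*/\2 \1/p' \
      | sort -u
}

# Constructed sample lines (not taken from the thread). Let's Encrypt's live/
# entries are symlinks into archive/, so the denial names the resolved file.
sample_log() {
    cat <<'EOF'
Oct  6 16:43:50 VPN-Server kernel: audit: type=1400 audit(1633535030.100:40): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/ipsec/charon" pid=900 comm="apparmor_parser"
Oct  6 16:43:55 VPN-Server kernel: audit: type=1400 audit(1633535035.123:42): apparmor="DENIED" operation="open" profile="/usr/lib/ipsec/charon" name="/etc/letsencrypt/archive/vpn.my-hostname/privkey1.pem" pid=1234 comm="charon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Oct  6 16:44:10 VPN-Server kernel: audit: type=1400 audit(1633535050.456:43): apparmor="DENIED" operation="open" profile="/usr/lib/ipsec/charon" name="/etc/letsencrypt/archive/vpn.my-hostname/privkey1.pem" pid=1301 comm="charon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Oct  6 16:44:12 VPN-Server kernel: audit: type=1400 audit(1633535052.789:44): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/etc/ssl/private/example.key" pid=1400 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
EOF
}

# Prints one "mask path" line per distinct denial for the charon profile.
sample_log | apparmor_denied_paths /usr/lib/ipsec/charon
```

An empty result after the local override is loaded and the service restarted means the profile no longer blocks the key file.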
