I have an Ubuntu Bionic container on LXD that runs strongSwan (the host is Bionic too). Symptoms:
- I can start the ipsec service with systemctl
- I can also use the ‘ipsec start|restart|stop’ commands
- The VPN tunnel to a remote host is created.
- However, when I issue ‘ipsec status|statusall|listxxx|etc’ commands, I get a segfault:
root@vpn1:~# ipsec statusall
I tried the following:
- I made sure that all kernel modules required by strongSwan are loaded and added to the container’s config (linux.kernel_modules = …)
- Disabled AppArmor everywhere
- Set the container to privileged
- Launched a KVM VM using the same image (Ubuntu 18.04 LTS (Bionic Beaver) Daily Build). It worked flawlessly.
Since it’s the same OS and strongSwan versions and the network config was similar, my only guess is it has something to do with LXD. I ran ‘ipsec statusall’ with strace; here are the outputs:
Could you guys help solve this issue?