Previously, VPNaaS set the filesystem permissions on a connection's ipsec.secrets file so that it was accessible by the owner only (0600). The service generates this file at runtime, so the file is typically owned by the service user (for example, neutron). LibreSwan's strict access control requires that the ipsec.secrets file be owned by root. Because of this ownership mismatch, connections would fail to start due to access errors on the ipsec.secrets file.
This update addresses this issue: VPNaaS now changes the owner of the ipsec.secrets file to root before starting. Consequently, connections are now expected to start normally.
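
One way to check a generated ipsec.secrets file against both conditions described above (root ownership and owner-only 0600 permissions), as an added example that is not VPNaaS or LibreSwan code. The function name and the `required_uid` parameter are assumptions, and the file path is supplied by the caller because the page does not give one.

```python
import os
import stat
import sys


def check_secrets_file(path, required_uid=0):
    """Return a list of problems with an ipsec.secrets file (empty if none).

    required_uid defaults to 0 (root), the owner the page says LibreSwan
    requires; it is a parameter only so the check can be exercised unprivileged.
    """
    st = os.lstat(path)  # lstat: do not follow a symlink planted at the path
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]

    problems = []
    if st.st_uid != required_uid:
        problems.append(f"owner uid {st.st_uid}, expected {required_uid}")

    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:  # any group/other bit is wider than owner-only 0600
        problems.append(f"mode {mode:04o} grants group/other access")
    return problems


if __name__ == "__main__":
    # Usage: python check_secrets.py /path/to/ipsec.secrets [...]
    failed = False
    for secrets_path in sys.argv[1:]:
        issues = check_secrets_file(secrets_path)
        print(f"{secrets_path}: {'; '.join(issues) if issues else 'ok'}")
        failed = failed or bool(issues)
    sys.exit(1 if failed else 0)
```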