Description of problem: VPN only connects when NetworkManager is started in debug mode Version-Release number of selected component (if applicable): NetworkManager 1.0.10 NetworkManagers-strongswan(-gnome) 1.3.1 Strongswan 5.3.2 How reproducible: Add a Strongswan VPN (EAP in my case, not sure if it makes a difference) using nm-connection-manager (the 'settings' applet is broken). Starting VPN doesn't work. Open terminal: systemctl stop NetworkManager NetworkManager -b (starts nm in debug mode, and not as a daemon) Now the VPN does connect. Not sure how I can get more info to provide to more knowledgeable users/developers, but I would be happy to try.
Would you include NetworkManager logs for both the successful and the failing case. You should be able to get the logs using journalctl. # journalctl -b 0 -u NetworkManager
Created attachment 1118337 [details] Output of journalctl for failed connection
Created attachment 1118338 [details] log for successful connection
Created attachment 1118339 [details] SELinux audit.log, grepped for 'charon-nm'
I looked at the logs and uploaded them here. For some reason (not sure why; might be connected to my attempts of installing custom policies into selinux), I couldn't get it working in the debug mode of NetworkManager anymore either. But, it is quite evident from the logs that SELinux is to blame. So I included on top of journalctl logs for NetworkManager, also audit.log, grepped for the suspect process 'charon-nm'.
For clarity, the successful connection and the audit.log are acquired after setting SELinux to 'permissive'.
commit 8fd6f85a0fb7b7247b7c408dc378ca3164f6bf85 Author: Lukas Vrabec <lvrabec> Date: Thu Feb 25 17:33:09 2016 +0100 Allow ipsec to read home certs, when connecting to VPN. rhbz#1301319
selinux-policy-3.13.1-158.9.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-ffbae3a870
selinux-policy-3.13.1-158.9.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-ffbae3a870
selinux-policy-3.13.1-158.9.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.