Fedora 28, strongswan-5.6.2-2.
Upon connecting to a IKEv2 VPN gateway, charon-nm fails to parse the provided DNS addresses correctly and fills in random garbage. As a result, no server names in the private network can be resolved.
This is a known problem fixed by a specific patch in the 5.6.2 version, but the patch seems to be forgotten/omitted during build of the Fedora RPM.
The following one-liner should fix the problem.
(In reply to Marian Kechlibar from comment #0)
> the patch seems to be forgotten/omitted during build of the Fedora RPM.
What do you mean by forgotten/omitted during build?
(In reply to Pavel (pavlix) Šimerda from comment #1)
> (In reply to Marian Kechlibar from comment #0)
> > the patch seems to be forgotten/omitted during build of the Fedora RPM.
> What do you mean by forgotten/omitted during build?
I mean that charon-nm behaves exactly as expected if the patch was not there. I haven't checked the actual Fedora sources, though. I definitely did not mean to attribute any guilt to anyone or so.
BTW Ubuntu 18.04 has precisely the same problem. In Debian the RPM was already patched.
Absolutely confirming the bug. After F27->F28 upgrade all previously working IPSec VPNs are broken this very way. Why is this big still "NEW"? When to expect a fix?
I was able to fix the problem on my computer by downloading the source RPM, extracting it, patching the faulty line (it is indeed a one-liner), recompiling the RPM from the patched source and reinstalling the patched package. That is beyond a typical user's ability, though.
Pavlix asked me to join a special IIRC channel and submit a Pull request, I will do so when I find the necessary time, probably tomorrow.
*** Bug 1564529 has been marked as a duplicate of this bug. ***
I confirm that the build [strongswan-5.6.2-6.fc28](https://bodhi.fedoraproject.org/updates/FEDORA-2018-3731a89e20) fixes this issue.
Fixed since strongswan-5.6.2-6.