Comment 25 for bug 1535951

it looks like strongswan is faking a nat situation if the kernel-libipsec
is used, so there are only problems with transport & beet mode ..

btw: did you get this audit entries too?

# grep audit /var/log/syslog
Feb 16 07:56:31 kvm-xenial kernel: [240771.376037] audit: type=1400 audit(1455605791.501:866): apparmor="DENIED" operation="open" profile="/usr/lib/ipsec/charon" name="/proc/31139/fd/" pid=31139 comm="charon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Feb 16 08:20:30 kvm-xenial kernel: [242210.398331] audit: type=1400 audit(1455607230.525:867): apparmor="DENIED" operation="open" profile="/usr/lib/ipsec/charon" name="/proc/31165/fd/" pid=31165 comm="charon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Feb 16 08:37:04 kvm-xenial kernel: [243204.311072] audit: type=1400 audit(1455608224.480:868): apparmor="DENIED" operation="open" profile="/usr/lib/ipsec/charon" name="/proc/31720/fd/" pid=31720 comm="charon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Feb 16 08:41:09 kvm-xenial kernel: [243449.474502] audit: type=1400 audit(1455608469.642:869): apparmor="DENIED" operation="open" profile="/usr/lib/ipsec/charon" name="/proc/31743/fd/" pid=31743 comm="charon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Feb 16 08:41:30 kvm-xenial kernel: [243470.304749] audit: type=1400 audit(1455608490.474:870): apparmor="DENIED" operation="open" profile="/usr/lib/ipsec/charon" name="/proc/31836/fd/" pid=31836 comm="charon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0