IPsec VPN broken with Strongswan V5.8.2

I have been using the stock IPsec VPN configuration tool for several years to access my server remotely from my iOS devices. It’s just stopped working. Initially I blamed an iOS update (Sorry Apple but your updates are often a lottery!). Eventually I downgraded strongswan-ipsec and strongswan-libs0 from V5.8.2 to V5.6.0 and it all started working again but I have no idea why.

Anyone got any ideas? Here’s the log output:

2020-04-23T10:28:01.092484+01:00 Progress charon-systemd[12668]: received packet: from 86.yyy.yyy.yyy[50548] to 192.168.xxx.xxx[500] (848 bytes)
2020-04-23T10:28:01.092809+01:00 Progress charon-systemd[12668]: parsed ID_PROT request 0 [ SA V V V V V V V V V V V V V V ]
2020-04-23T10:28:01.092857+01:00 Progress charon-systemd[12668]: no IKE config found for 192.168.xxx.xxx...86.yyy.yyy.yyy, sending NO_PROPOSAL_CHOSEN
2020-04-23T10:28:01.092999+01:00 Progress charon-systemd[12668]: generating INFORMATIONAL_V1 request 2574637340 [ N(NO_PROP) ]
2020-04-23T10:28:01.093210+01:00 Progress charon-systemd[12668]: sending packet: from 192.168.xxx.xxx[500] to 86.yyy.yyy.yyy[50548] (40 bytes)
2020-04-23T10:28:04.396384+01:00 Progress charon-systemd[12668]: received packet: from 86.yyy.yyy.yyy[50548] to 192.168.xxx.xxx[500] (848 bytes)
2020-04-23T10:28:04.397928+01:00 Progress charon-systemd[12668]: parsed ID_PROT request 0 [ SA V V V V V V V V V V V V V V ]
2020-04-23T10:28:04.398408+01:00 Progress charon-systemd[12668]: no IKE config found for 192.168.xxx.xxx...86.yyy.yyy.yyy, sending NO_PROPOSAL_CHOSEN
2020-04-23T10:28:04.398920+01:00 Progress charon-systemd[12668]: generating INFORMATIONAL_V1 request 1847658871 [ N(NO_PROP) ]
2020-04-23T10:28:04.399379+01:00 Progress charon-systemd[12668]: sending packet: from 192.168.xxx.xxx[500] to 86.yyy.yyy.yyy[50548] (40 bytes)
2020-04-23T10:28:07.692186+01:00 Progress charon-systemd[12668]: received packet: from 86.yyy.yyy.yyy[50548] to 192.168.xxx.xxx[500] (848 bytes)
2020-04-23T10:28:07.693002+01:00 Progress charon-systemd[12668]: parsed ID_PROT request 0 [ SA V V V V V V V V V V V V V V ]
2020-04-23T10:28:07.693491+01:00 Progress charon-systemd[12668]: no IKE config found for 192.168.xxx.xxx...86.yyy.yyy.yyy, sending NO_PROPOSAL_CHOSEN
2020-04-23T10:28:07.693988+01:00 Progress charon-systemd[12668]: generating INFORMATIONAL_V1 request 3287194035 [ N(NO_PROP) ]
2020-04-23T10:28:07.694456+01:00 Progress charon-systemd[12668]: sending packet: from 192.168.xxx.xxx[500] to 86.yyy.yyy.yyy[50548] (40 bytes)
2020-04-23T10:28:10.990733+01:00 Progress charon-systemd[12668]: received packet: from 86.yyy.yyy.yyy[50548] to 192.168.xxx.xxx[500] (848 bytes)
2020-04-23T10:28:10.991341+01:00 Progress charon-systemd[12668]: parsed ID_PROT request 0 [ SA V V V V V V V V V V V V V V ]
2020-04-23T10:28:10.991842+01:00 Progress charon-systemd[12668]: no IKE config found for 192.168.xxx.xxx...86.yyy.yyy.yyy, sending NO_PROPOSAL_CHOSEN
2020-04-23T10:28:10.992300+01:00 Progress charon-systemd[12668]: generating INFORMATIONAL_V1 request 210107873 [ N(NO_PROP) ]
2020-04-23T10:28:10.993316+01:00 Progress charon-systemd[12668]: sending packet: from 192.168.xxx.xxx[500] to 86.yyy.yyy.yyy[50548] (40 bytes)



192.168.xxx.xxx is my local server and 86.yyy.yyy.yyy is my public IP.

These xxx and yyy do not really make things easier to interpret. And while I can understand that you hesitate to show your public IP address, I do not understand that for the private 192.168.0.0/16 network. There are tens of thousands of these private networks in this world. Almost every home network uses it. So why keep things secret here?

The daemon monitor in Yast says “Status not available: is the daemon running?”

I checked and both strongswan.service and strongswan-swanctl.service are running.

I then found this reference:
https://wiki.strongswan.org/issues/3339

which pointed to:
https://build.opensuse.org/request/show/774999

Both reference a missing file /etc/dbus-1/system.d/nm-strongswan-service.conf

I created the file with the suggested contents but still no joy.

OK, I think I have got to the bottom of it.

Version V5.6.0 installed a single service, strongswan.service

Version V5.8.2 installed two services strongswan.service & strongswan-starter.service

In both cases strongswan.service is set to active.

The code in /usr/lib/systemd/system/strongswan.service for V5.6.0 matches that for /usr/lib/systemd/system/strongswan-starter.service in V5.8.2.

Changing the active service from strongswan.service to strongswan-starter.service has it all working again.

However in YAST the VPN applet still monitors strongswan.service and restarting the daemon in YAST starts strongswan.service.

As such, there is a mismatch here. What is the expected behavior now there are two different services with the install of V5.8.2?
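
The unit mix-up described in the last post, as an added example that is not part of the original thread: a shell check that reads the daemon name from charon log lines, maps it to the config source that daemon loads, and flags the case where connections exist only in the other format. The function names and the sample log are constructed for illustration; `/etc/ipsec.conf` and `/etc/swanctl/` are assumed to be strongSwan's default config locations, and the daemon-to-unit mapping assumes the 5.8.x unit naming.

```shell
#!/bin/sh
# Added example, not from the thread. SAMPLE_LOG is constructed test data.
SAMPLE_LOG='2020-04-23T10:28:01+01:00 host charon-systemd[12668]: no IKE config found for 192.0.2.10...198.51.100.7, sending NO_PROPOSAL_CHOSEN
2020-04-23T10:28:04+01:00 host charon-systemd[12668]: no IKE config found for 192.0.2.10...198.51.100.7, sending NO_PROPOSAL_CHOSEN
2020-04-23T10:28:05+01:00 host charon-systemd[12668]: sending packet: from 192.0.2.10[500] to 198.51.100.7[50548] (40 bytes)'

# Daemon name from the first log line on stdin (field 3 is "name[pid]:").
log_daemon() {
    awk 'NR == 1 { d = $3; sub(/\[.*$/, "", d); print d }'
}

# Number of IKE requests rejected because no loaded connection matched.
count_rejects() {
    awk '/no IKE config found/ { n++ } END { print n + 0 }'
}

# Config source each daemon loads connections from (assumed 5.8.x naming).
config_source() {
    case "$1" in
        charon-systemd) echo swanctl ;;     # started by strongswan.service
        charon)         echo ipsec.conf ;;  # started by strongswan-starter.service
        *)              echo unknown ;;
    esac
}

# diagnose LOGTEXT [ROOT]: print "mismatch" when the logging daemon reads
# swanctl config but connections are defined only in ROOT/etc/ipsec.conf.
diagnose() {
    root=${2:-}
    src=$(config_source "$(printf '%s\n' "$1" | log_daemon)")
    rejects=$(printf '%s\n' "$1" | count_rejects)
    legacy=no; modern=no
    grep -qs '^conn ' "$root/etc/ipsec.conf" && legacy=yes
    grep -qs 'connections' "$root/etc/swanctl/swanctl.conf" \
        "$root"/etc/swanctl/conf.d/*.conf && modern=yes
    if [ "$src" = swanctl ] && [ "$rejects" -gt 0 ] \
        && [ "$legacy" = yes ] && [ "$modern" = no ]; then
        echo "mismatch"
    else
        echo "ok"
    fi
}

# Check the constructed log against this host's own config files.
diagnose "$SAMPLE_LOG"
```

A "mismatch" result corresponds to the situation in the thread: the daemon answering on port 500 has no connections loaded, so every request gets NO_PROPOSAL_CHOSEN until the unit that reads the existing config is the one enabled.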