nm-l2tp / NetworkManager-l2tp

L2TP and L2TP/IPsec support for NetworkManager
GNU General Public License v2.0

NetworkManager failed to connect: 'Timeout was reached' (Manjaro) #220

Open momu opened 5 months ago

momu commented 5 months ago

As I'm jealous of my colleague who uses the l2tp connection on his Linux Mint machine successfully, I gave it a try on two different Manjaro systems.

I installed networkmanager-l2tp and strongswan:

sudo pacman -S networkmanager-l2tp strongswan

Created a new l2tp connection entry with the network manager, which resulted in this nmconnection file:

[connection]
id=New vpn connection
uuid=e0b3b8cc-f213-4ac6-9942-a3907827b791
type=vpn

[vpn]
gateway=<GATEWAY>
ipsec-enabled=yes
ipsec-psk=<IPSEC-PSK>
password-flags=1
user=<USER>
service-type=org.freedesktop.NetworkManager.l2tp

[ipv4]
method=auto

[ipv6]
addr-gen-mode=default
method=auto

[proxy]

When trying to connect using this connection, journalctl -f -u NetworkManager.service gives:

Jan 30 16:54:19 pc NetworkManager[765817]: <info>  [1706630059.2595] vpn[0x560fb68090a0,e0b3b8cc-f213-4ac6-9942-a3907827b791,"New vpn connection"]: starting l2tp                                    
Jan 30 16:54:19 pc NetworkManager[765817]: <info>  [1706630059.2597] audit: op="connection-activate" uuid="e0b3b8cc-f213-4ac6-9942-a3907827b791" name="New vpn connection" pid=766014 uid=1000 result="success"
Jan 30 16:54:19 pc nm-l2tp-service[767934]: Check port 1701                                                                                                                                          
Jan 30 16:54:19 pc NetworkManager[767949]: Stopping strongSwan IPsec failed: starter is not running                                                                                                  
Jan 30 16:54:21 pc NetworkManager[767946]: Starting strongSwan 5.9.13 IPsec [starter]...                                                                                                             
Jan 30 16:54:21 pc NetworkManager[767946]: Loading config setup                                                                                                                                      
Jan 30 16:54:21 pc NetworkManager[767946]: Loading conn 'e0b3b8cc-f213-4ac6-9942-a3907827b791'                                                                                                       
Jan 30 16:54:21 pc ipsec_starter[767946]: Starting strongSwan 5.9.13 IPsec [starter]...                                                                                                              
Jan 30 16:54:21 pc ipsec_starter[767946]: Loading config setup                                                                                                                                       
Jan 30 16:54:21 pc ipsec_starter[767946]: Loading conn 'e0b3b8cc-f213-4ac6-9942-a3907827b791'                                                                                                        
Jan 30 16:54:21 pc ipsec_starter[767986]: Attempting to start charon...                                                                                                                              
Jan 30 16:54:21 pc charon[767987]: 00[DMN] Starting IKE charon daemon (strongSwan 5.9.13, Linux 6.6.10-1-MANJARO, x86_64)                                                                            
Jan 30 16:54:21 pc charon[767987]: 00[CFG] PKCS11 module '<name>' lacks library path                                                                                                                 
Jan 30 16:54:21 pc charon[767987]: 00[LIB] providers loaded by OpenSSL: legacy default                                                                                                               
Jan 30 16:54:21 pc charon[767987]: 00[CFG] using '/sbin/resolvconf' to install DNS servers                                                                                                           
Jan 30 16:54:21 pc charon[767987]: 00[CFG] attr-sql plugin: database URI not set                                                                                                                     
Jan 30 16:54:21 pc charon[767987]: 00[NET] using forecast interface eno1                                                                                                                             
Jan 30 16:54:21 pc charon[767987]: 00[CFG] joining forecast multicast groups: 224.0.0.1,224.0.0.22,224.0.0.251,224.0.0.252,239.255.255.250                                                           
Jan 30 16:54:21 pc charon[767987]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'                                                                                                       
Jan 30 16:54:21 pc charon[767987]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'                                                                                                       
Jan 30 16:54:21 pc charon[767987]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'                                                                                            
Jan 30 16:54:21 pc charon[767987]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Jan 30 16:54:21 pc charon[767987]: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Jan 30 16:54:21 pc charon[767987]: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Jan 30 16:54:21 pc charon[767987]: 00[CFG] loading secrets from '/etc/ipsec.d/ipsec.nm-l2tp.secrets'
Jan 30 16:54:21 pc charon[767987]: 00[CFG]   loaded IKE secret for %any
Jan 30 16:54:21 pc charon[767987]: 00[CFG] sql plugin: database URI not set
Jan 30 16:54:21 pc charon[767987]: 00[CFG] opening triplet file /etc/ipsec.d/triplets.dat failed: No such file or directory
Jan 30 16:54:21 pc charon[767987]: 00[CFG] loaded 0 RADIUS server configurations
Jan 30 16:54:21 pc charon[767987]: 00[CFG] HA config misses local/remote address
Jan 30 16:54:21 pc charon[767987]: 00[CFG] no script for ext-auth script defined, disabled
Jan 30 16:54:21 pc charon[767987]: 00[LIB] loaded plugins: charon ldap pkcs11 aesni aes des rc2 sha2 sha3 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs12 pgp dnskey sshkey pem openssl pkcs8 fips-prf gmp curve25519 agent chapoly xcbc cmac hmac kdf gcm ntru drbg newhope bliss curl mysql sqlite attr kernel-netlink resolve socket-default bypass-lan connmark forecast farp stroke vici updown eap-identity eap-sim eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap xauth-generic xauth-eap xauth-pam xauth-noauth dhcp radattr unity counters
Jan 30 16:54:21 pc charon[767987]: 00[LIB] dropped capabilities, running as uid 0, gid 0
Jan 30 16:54:21 pc charon[767987]: 00[JOB] spawning 16 worker threads
Jan 30 16:54:21 pc charon[767987]: 05[IKE] installed bypass policy for 192.168.170.0/24
Jan 30 16:54:21 pc charon[767987]: 05[IKE] installed bypass policy for 2a01:599:103:73ec::/64
Jan 30 16:54:21 pc charon[767987]: 05[IKE] installed bypass policy for fe80::/64
Jan 30 16:54:21 pc ipsec_starter[767986]: charon (767987) started after 100 ms
Jan 30 16:54:21 pc charon[767987]: 13[CFG] received stroke: add connection 'e0b3b8cc-f213-4ac6-9942-a3907827b791'
Jan 30 16:54:21 pc charon[767987]: 13[CFG] added configuration 'e0b3b8cc-f213-4ac6-9942-a3907827b791'
Jan 30 16:54:22 pc charon[767987]: 15[CFG] rereading secrets
Jan 30 16:54:22 pc charon[767987]: 15[CFG] loading secrets from '/etc/ipsec.secrets'
Jan 30 16:54:22 pc charon[767987]: 15[CFG] loading secrets from '/etc/ipsec.d/ipsec.nm-l2tp.secrets'
Jan 30 16:54:22 pc charon[767987]: 15[CFG]   loaded IKE secret for %any
Jan 30 16:54:22 pc charon[767987]: 07[CFG] received stroke: initiate 'e0b3b8cc-f213-4ac6-9942-a3907827b791'
Jan 30 16:54:22 pc charon[767987]: 09[IKE] initiating Main Mode IKE_SA e0b3b8cc-f213-4ac6-9942-a3907827b791[1] to <GATEWAYIP>
Jan 30 16:54:22 pc charon[767987]: 09[IKE] initiating Main Mode IKE_SA e0b3b8cc-f213-4ac6-9942-a3907827b791[1] to <GATEWAYIP>
Jan 30 16:54:22 pc charon[767987]: 09[ENC] generating ID_PROT request 0 [ SA V V V V V ]
Jan 30 16:54:22 pc charon[767987]: 09[NET] sending packet: from 192.168.170.75[500] to <GATEWAYIP>[500] (532 bytes)
Jan 30 16:54:22 pc charon[767987]: 05[NET] received packet: from <GATEWAYIP>[500] to 192.168.170.75[500] (192 bytes)
Jan 30 16:54:22 pc charon[767987]: 05[ENC] parsed ID_PROT response 0 [ SA V V V V ]
Jan 30 16:54:22 pc charon[767987]: 05[IKE] received XAuth vendor ID
Jan 30 16:54:22 pc charon[767987]: 05[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Jan 30 16:54:22 pc charon[767987]: 05[IKE] received DPD vendor ID
Jan 30 16:54:22 pc charon[767987]: 05[ENC] received unknown vendor ID: bf:c2:2e:98:56:ba:99:36:11:c1:1e:48:a6:d2:08:07:a9:5b:ed:b3:93:02:6a:49:e6:0f:ac:32:7b:b9:60:1b:56:6b:34:39:4d:54:49:75:4f:43:42:43:54:6a:30:32:4e:54:6b:30:4d:7a:59:3d
Jan 30 16:54:22 pc charon[767987]: 05[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Jan 30 16:54:22 pc charon[767987]: 05[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Jan 30 16:54:22 pc charon[767987]: 05[NET] sending packet: from 192.168.170.75[500] to <GATEWAYIP>[500] (244 bytes)
Jan 30 16:54:22 pc charon[767987]: 06[NET] received packet: from <GATEWAYIP>[500] to 192.168.170.75[500] (220 bytes)
Jan 30 16:54:22 pc charon[767987]: 06[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Jan 30 16:54:22 pc charon[767987]: 06[IKE] local host is behind NAT, sending keep alives
Jan 30 16:54:22 pc charon[767987]: 06[ENC] generating ID_PROT request 0 [ ID HASH ]
Jan 30 16:54:22 pc charon[767987]: 06[NET] sending packet: from 192.168.170.75[4500] to <GATEWAYIP>[4500] (68 bytes)
Jan 30 16:54:26 pc charon[767987]: 14[IKE] sending retransmit 1 of request message ID 0, seq 3
Jan 30 16:54:26 pc charon[767987]: 14[NET] sending packet: from 192.168.170.75[4500] to <GATEWAYIP>[4500] (68 bytes)
Jan 30 16:54:26 pc charon[767987]: 13[NET] received packet: from <GATEWAYIP>[4500] to 192.168.170.75[4500] (220 bytes)
Jan 30 16:54:26 pc charon[767987]: 13[IKE] received retransmit of response with ID 0, but next request already sent
Jan 30 16:54:29 pc NetworkManager[765817]: <warn>  [1706630069.3017] vpn[0x560fb68090a0,e0b3b8cc-f213-4ac6-9942-a3907827b791,"New vpn connection"]: failed to connect: 'Timeout was reached'
Jan 30 16:54:30 pc charon[767987]: 01[NET] received packet: from <GATEWAYIP>[4500] to 192.168.170.75[4500] (220 bytes)
Jan 30 16:54:30 pc charon[767987]: 01[IKE] received retransmit of response with ID 0, but next request already sent
Jan 30 16:54:33 pc charon[767987]: 15[IKE] sending retransmit 2 of request message ID 0, seq 3
Jan 30 16:54:33 pc charon[767987]: 15[NET] sending packet: from 192.168.170.75[4500] to <GATEWAYIP>[4500] (68 bytes)
Jan 30 16:54:34 pc charon[767987]: 08[NET] received packet: from <GATEWAYIP>[4500] to 192.168.170.75[4500] (220 bytes)
Jan 30 16:54:34 pc charon[767987]: 08[IKE] received retransmit of response with ID 0, but next request already sent
Jan 30 16:54:38 pc NetworkManager[768225]: Stopping strongSwan IPsec...
Jan 30 16:54:38 pc charon[767987]: 00[DMN] SIGINT received, shutting down
Jan 30 16:54:38 pc charon[767987]: 00[IKE] destroying IKE_SA in state CONNECTING without notification
Jan 30 16:54:38 pc NetworkManager[768032]: initiating Main Mode IKE_SA e0b3b8cc-f213-4ac6-9942-a3907827b791[1] to <GATEWAYIP>
Jan 30 16:54:38 pc NetworkManager[768032]: generating ID_PROT request 0 [ SA V V V V V ]
Jan 30 16:54:38 pc NetworkManager[768032]: sending packet: from 192.168.170.75[500] to <GATEWAYIP>[500] (532 bytes)
Jan 30 16:54:38 pc NetworkManager[768032]: received packet: from <GATEWAYIP>[500] to 192.168.170.75[500] (192 bytes)
Jan 30 16:54:38 pc NetworkManager[768032]: parsed ID_PROT response 0 [ SA V V V V ]
Jan 30 16:54:38 pc NetworkManager[768032]: received XAuth vendor ID
Jan 30 16:54:38 pc NetworkManager[768032]: received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Jan 30 16:54:38 pc NetworkManager[768032]: received DPD vendor ID
Jan 30 16:54:38 pc NetworkManager[768032]: received unknown vendor ID: bf:c2:2e:98:56:ba:99:36:11:c1:1e:48:a6:d2:08:07:a9:5b:ed:b3:93:02:6a:49:e6:0f:ac:32:7b:b9:60:1b:56:6b:34:39:4d:54:49:75:4f:43:42:43:54:6a:30:32:4e:54:6b:30:4d:7a:59:3d
Jan 30 16:54:38 pc NetworkManager[768032]: selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Jan 30 16:54:38 pc NetworkManager[768032]: generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Jan 30 16:54:38 pc NetworkManager[768032]: sending packet: from 192.168.170.75[500] to <GATEWAYIP>[500] (244 bytes)
Jan 30 16:54:38 pc NetworkManager[768032]: received packet: from <GATEWAYIP>[500] to 192.168.170.75[500] (220 bytes)
Jan 30 16:54:38 pc NetworkManager[768032]: parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Jan 30 16:54:38 pc NetworkManager[768032]: received XAuth vendor ID
Jan 30 16:54:38 pc NetworkManager[768032]: received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Jan 30 16:54:38 pc NetworkManager[768032]: received DPD vendor ID
Jan 30 16:54:38 pc NetworkManager[768032]: received unknown vendor ID: bf:c2:2e:98:56:ba:99:36:11:c1:1e:48:a6:d2:08:07:a9:5b:ed:b3:93:02:6a:49:e6:0f:ac:32:7b:b9:60:1b:56:6b:34:39:4d:54:49:75:4f:43:42:43:54:6a:30:32:4e:54:6b:30:4d:7a:59:3d
Jan 30 16:54:38 pc NetworkManager[768032]: selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Jan 30 16:54:38 pc NetworkManager[768032]: generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Jan 30 16:54:38 pc NetworkManager[768032]: sending packet: from 192.168.170.75[500] to <GATEWAYIP>[500] (244 bytes)
Jan 30 16:54:38 pc NetworkManager[768032]: received packet: from <GATEWAYIP>[500] to 192.168.170.75[500] (220 bytes)
Jan 30 16:54:38 pc NetworkManager[768032]: parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Jan 30 16:54:38 pc NetworkManager[768032]: local host is behind NAT, sending keep alives
Jan 30 16:54:38 pc NetworkManager[768032]: generating ID_PROT request 0 [ ID HASH ]
Jan 30 16:54:38 pc NetworkManager[768032]: sending packet: from 192.168.170.75[4500] to <GATEWAYIP>[4500] (68 bytes)
Jan 30 16:54:38 pc NetworkManager[768032]: sending retransmit 1 of request message ID 0, seq 3
Jan 30 16:54:38 pc NetworkManager[768032]: sending packet: from 192.168.170.75[4500] to <GATEWAYIP>[4500] (68 bytes)
Jan 30 16:54:38 pc NetworkManager[768032]: received packet: from <GATEWAYIP>[4500] to 192.168.170.75[4500] (220 bytes)
Jan 30 16:54:38 pc NetworkManager[768032]: received retransmit of response with ID 0, but next request already sent
Jan 30 16:54:38 pc NetworkManager[768032]: received packet: from <GATEWAYIP>[4500] to 192.168.170.75[4500] (220 bytes)
Jan 30 16:54:38 pc NetworkManager[768032]: received retransmit of response with ID 0, but next request already sent
Jan 30 16:54:38 pc NetworkManager[768032]: sending retransmit 2 of request message ID 0, seq 3
Jan 30 16:54:38 pc NetworkManager[768032]: sending packet: from 192.168.170.75[4500] to <GATEWAYIP>[4500] (68 bytes)
Jan 30 16:54:38 pc NetworkManager[768032]: received packet: from <GATEWAYIP>[4500] to 192.168.170.75[4500] (220 bytes)
Jan 30 16:54:38 pc NetworkManager[768032]: received retransmit of response with ID 0, but next request already sent
Jan 30 16:54:38 pc NetworkManager[768032]: destroying IKE_SA in state CONNECTING without notification
Jan 30 16:54:38 pc NetworkManager[768032]: establishing connection 'e0b3b8cc-f213-4ac6-9942-a3907827b791' failed
Jan 30 16:54:38 pc charon[767987]: 00[IKE] uninstalling bypass policy for 192.168.170.0/24
Jan 30 16:54:38 pc charon[767987]: 00[IKE] uninstalling bypass policy for 2a01:599:103:73ec::/64
Jan 30 16:54:38 pc charon[767987]: 00[IKE] uninstalling bypass policy for fe80::/64
Jan 30 16:54:38 pc ipsec_starter[767986]: child 767987 (charon) has quit (exit code 0)
Jan 30 16:54:38 pc ipsec_starter[767986]: 
Jan 30 16:54:38 pc ipsec_starter[767986]: charon stopped after 200 ms
Jan 30 16:54:38 pc ipsec_starter[767986]: ipsec starter stopped
Jan 30 16:54:38 pc nm-l2tp-service[767934]: Could not establish IPsec connection.
Jan 30 16:54:38 pc nm-l2tp-service[767934]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed

Looks like there is a 10 s timeout indicated by this line:

Jan 30 16:54:29 pc NetworkManager[765817]: <warn>  [1706630069.3017] vpn[0x560fb68090a0,e0b3b8cc-f213-4ac6-9942-a3907827b791,"New vpn connection"]: failed to connect: 'Timeout was reached'

Does anybody have a clue where the problem is?

dkosovic commented 5 months ago

I see bypass policy in the logs. Unlike many other Linux distros, Manjaro enables experimental strongswan plugins that can be problematic; try to disable loading them with:

sudo sed -i 's/load = yes/load = no/' /etc/strongswan.d/charon/bypass-lan.conf
sudo sed -i 's/load = yes/load = no/' /etc/strongswan.d/charon/connmark.conf
sudo sed -i 's/load = yes/load = no/' /etc/strongswan.d/charon/forecast.conf
sudo sed -i 's/load = yes/load = no/' /etc/strongswan.d/charon/sha3.conf

You will also need to reboot as kernel modules used by some of the strongswan plugins might also be loaded.

RestoreEmpire commented 5 months ago

I have the same issue when I try to connect to a VPN. Unfortunately, the advice from the comment above didn't help.

Linux version: Linux 6.1.71-1-MANJARO x86_64

journalctl logs:

Feb 02 20:36:12 realism-manjaro-pc NetworkManager[20042]: <info>  [1706895372.4847] vpn[0x56228f6e22a0,18e5f0f9-17bf-48f6-ad08-afb0d3058d92,"VPN"]: starting l2tp
Feb 02 20:36:12 realism-manjaro-pc NetworkManager[20042]: <info>  [1706895372.4850] audit: op="connection-activate" uuid="18e5f0f9-17bf-48f6-ad08-afb0d3058d92" name="VPN" pid=1593 uid=1000 result="success"
Feb 02 20:36:22 realism-manjaro-pc NetworkManager[20042]: <warn>  [1706895382.4998] vpn[0x56228f6e22a0,18e5f0f9-17bf-48f6-ad08-afb0d3058d92,"VPN"]: failed to connect: 'Timeout was reached'

My colleagues don't have this problem on other distros. I'm pretty sure that my VPN connection settings are correct.

dkosovic commented 5 months ago

I don't currently have a VM with either Manjaro or Arch Linux. As they are cutting edge distros, they are typically the distros that first encounter issues with kernel updates that break the L2TP kernel modules and have issues with changes to NetworkManager. I'll try and spin one up this week.

One other thing I forgot to suggest is that the following services should be stopped and preferably disabled:

Some Arch Linux doco for L2TP suggests running the strongswan service, but they most definitely should not be run as NetworkManager is not compatible with it. It is compatible with strongswan-starter, but there is no need to have it running. NetworkManager-l2tp starts its own instance of strongswan, so doesn't need either of the above two services.

Although I don't think these strongswan services are an issue in these cases.

dkosovic commented 5 months ago

Regarding the 10 second timeout, that is not something from this repository; the IPsec connection has a 16 sec timeout, as does the xl2tpd/pppd connection:

https://github.com/nm-l2tp/NetworkManager-l2tp/blob/8760535cae920b100f70a29b92092201f0335d12/src/nm-l2tp-service.c#L92-L93

From memory, NetworkManager had a 50 second timeout for VPN connections, maybe it has been reduced on Manjaro?

I'm not able to reproduce as my VPN connection takes less than 10 seconds.

RestoreEmpire commented 5 months ago

@dkosovic Thank you for your assistance. I've checked that the source code of nm and nm-l2tp is taken directly from their actual repositories and has no mentions related to "timeout" in the pacman build configuration (even if these parameters don't exist). I think this issue can be closed as it's not related to nm directly.

dkosovic commented 5 months ago

You could try replacing strongswan with libreswan from AUR: https://aur.archlinux.org/packages/libreswan

It is built with USE_DH2=true option i.e. the weak modp1024 algorithm that the VPN server you are connecting to is using in the logs for the selected proposal. That USE_DH2=true option is not enabled by default in the libreswan upstream source code with later versions of libreswan, so is a good thing AUR does in this case.

But from the libreswan AUR comments, looks like there are some issues with building/running it at the moment and there are some workarounds.

Hopefully libreswan might be quicker in connecting.

RestoreEmpire commented 5 months ago

I didn't mention it, but I have tried both strongswan and libreswan. The result was the same. I want to try to build strongswan with increased timeout.

dkosovic commented 5 months ago

I'll leave this issue open in case other Manjaro and Arch Linux users come along with the same issue, that way they know something is wrong.

dkosovic commented 5 months ago

This is where the failed to connect warning message from NetworkManager is coming from: https://github.com/NetworkManager/NetworkManager/blob/1.44.2/src/core/vpn/nm-vpn-connection.c#L1569

In that warning, it looks like Timeout was reached is a D-Bus timeout error.

sudo systemctl status dbus or sudo journalctl -u dbus might have some hints as to what is wrong.

dkosovic commented 5 months ago

You could use strongswan on the command-line with the generated ipsec config file for further debugging and for removing NetworkManager from the equation. The below ipsec commands are identical to what this VPN client uses (except it doesn't use the sleep 2 command, instead it uses a for loop to determine when connection is ready).

sudo ipsec restart --conf /var/run/nm-l2tp-e0b3b8cc-f213-4ac6-9942-a3907827b791/ipsec.conf --debug
sleep 2
sudo ipsec up e0b3b8cc-f213-4ac6-9942-a3907827b791

sudo ipsec status

(e0b3b8cc-f213-4ac6-9942-a3907827b791 was obtained from a Loading conn 'e0b3b8cc-f213-4ac6-9942-a3907827b791' line in the original post's log output.)

If strongswan isn't able to connect, you could post the ipsec.conf file contents and the command-line output to the strongswan issues page:

They might be able to help you resolve the issue.
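
Added example (not part of the thread and not NetworkManager-l2tp code): a Python triage pass over the journal output quoted in this issue. It reports how long NetworkManager waited before 'Timeout was reached', which IKE request charon was still retransmitting, and whether the selected proposal contains MODP_1024. The name `triage`, the report keys and the inclusion of 3DES_CBC in the weak set are assumptions of this example; the 16 s figure is the one dkosovic cites.

```python
import re

# Lines excerpted from the log in the original post (not a new capture).
SAMPLE = """\
Jan 30 16:54:19 pc NetworkManager[765817]: <info>  [1706630059.2595] vpn[0x560fb68090a0,e0b3b8cc-f213-4ac6-9942-a3907827b791,"New vpn connection"]: starting l2tp
Jan 30 16:54:22 pc charon[767987]: 05[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Jan 30 16:54:22 pc charon[767987]: 06[ENC] generating ID_PROT request 0 [ ID HASH ]
Jan 30 16:54:26 pc charon[767987]: 14[IKE] sending retransmit 1 of request message ID 0, seq 3
Jan 30 16:54:26 pc charon[767987]: 13[IKE] received retransmit of response with ID 0, but next request already sent
Jan 30 16:54:29 pc NetworkManager[765817]: <warn>  [1706630069.3017] vpn[0x560fb68090a0,e0b3b8cc-f213-4ac6-9942-a3907827b791,"New vpn connection"]: failed to connect: 'Timeout was reached'
Jan 30 16:54:33 pc charon[767987]: 15[IKE] sending retransmit 2 of request message ID 0, seq 3
Jan 30 16:54:38 pc NetworkManager[768032]: sending retransmit 2 of request message ID 0, seq 3
"""

PLUGIN_IPSEC_TIMEOUT_S = 16  # IPsec timeout quoted by the maintainer in this thread
# MODP_1024 is the group the thread calls weak; 3DES_CBC is this example's own addition.
WEAK = {"MODP_1024", "3DES_CBC"}

# NetworkManager VPN state lines: [timestamp] vpn[ptr,uuid,"name"]: event
NM_RE = re.compile(r"\[(\d+\.\d+)\] vpn\[[^,]+,([0-9a-f-]{36}),[^\]]*\]: "
                   r"(starting l2tp|failed to connect: '([^']*)')")
# Lines logged by the charon daemon itself: " charon[pid]: NN[GRP] message"
CHARON_RE = re.compile(r" charon\[\d+\]: \d+\[[A-Z]{3}\] (.*)")
GEN_RE = re.compile(r"generating (\S+) request \d+ \[ (.*?) \]")
RETX_RE = re.compile(r"sending retransmit (\d+) of request message ID \d+, seq \d+")
PROP_RE = re.compile(r"selected proposal: (?:IKE|ESP):(\S+)")


def triage(log):
    """Summarise where a NetworkManager-l2tp / strongSwan attempt stopped."""
    r = {"nm_elapsed_s": None, "nm_reason": None, "nm_gave_up_first": None,
         "stalled_on": None, "retransmits": 0, "peer_resent_response": 0,
         "weak_transforms": []}
    started = {}
    for line in log.splitlines():
        nm = NM_RE.search(line)
        if nm:
            ts, uuid, event, reason = nm.groups()
            if event == "starting l2tp":
                started[uuid] = float(ts)
            elif uuid in started:
                r["nm_elapsed_s"] = round(float(ts) - started[uuid], 2)
                r["nm_reason"] = reason
                # True when NetworkManager reported failure before the
                # plugin's own IPsec timeout could have expired.
                r["nm_gave_up_first"] = r["nm_elapsed_s"] < PLUGIN_IPSEC_TIMEOUT_S
            continue
        ch = CHARON_RE.search(line)
        if not ch:
            continue  # skips the NetworkManager[...] replay of charon's messages
        msg = ch.group(1)
        if (m := GEN_RE.search(msg)):
            # A new request supersedes the previous one: restart the counters.
            r["stalled_on"] = (m.group(1), m.group(2))
            r["retransmits"] = r["peer_resent_response"] = 0
        elif (m := RETX_RE.search(msg)):
            r["retransmits"] = max(r["retransmits"], int(m.group(1)))
        elif "received retransmit of response" in msg:
            r["peer_resent_response"] += 1  # peer resent its previous response
        elif (m := PROP_RE.search(msg)):
            r["weak_transforms"] = sorted(WEAK & set(m.group(1).split("/")))
    return r


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

On the excerpt, the last request built is the Main Mode `ID HASH` message, and NetworkManager reports the failure after about 10 s, before the 16 s IPsec timeout could expire.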