Comment 33 for bug 1786250

> Sep 27 15:28:46 vsrv-bicab-2u charon: 12[IKE] maximum IKE_SA lifetime 10269s
> Sep 27 15:28:46 vsrv-bicab-2u charon: 12[IKE] adding DNS server failed
> Sep 27 15:28:46 vsrv-bicab-2u charon: 12[IKE] adding DNS server failed
> Sep 27 15:28:46 vsrv-bicab-2u charon: 12[CFG] handling INTERNAL_IP4_DNS attribute failed

This sounds like Debian bug #915147 and a workaround/patch is given on that bug report.

> The line:
> #include <abstractions/nameservice>
> Should cover resolve.conf actions, but we'd have to understand exactly how your strongswan is > configured triggering this issue and then consider what/where to add apparmor rules for.

On Debian at least, this only covers read access, and write access is needed by charon.