Comment 4 for bug 1786250

repeated with more care to ensure profiles are actually unloaded

running this twice, confirms profiles are now not loaded

$ for profile in $(find . | egrep "charon|ipsec" | grep -v local); do sudo apparmor_parser -R /etc/apparmor.d/$profile; done
apparmor_parser: Unable to remove "/usr/lib/ipsec/lookip". Profile doesn't exist
apparmor_parser: Unable to remove "/usr/sbin/charon-systemd". Profile doesn't exist
apparmor_parser: Unable to remove "/usr/lib/ipsec/stroke". Profile doesn't exist
apparmor_parser: Unable to remove "/usr/lib/ipsec/charon". Profile doesn't exist

and, the aa-status confirms
$ sudo aa-status | egrep "ipsec|charon"
(EMPTY)

---

RETRY

 - ffs, connection STILL hangs, but these rejected charon messages in dmesg are no longer happening (so maybe those are a legit bug/issue with the profile to be fixed, but a red-herring to my primary issue)