Comment # 7 on bug 1045901 from James Carter

Mee too.  

In Tumbleweed as of 2017-10-01, for 
NetworkManager-1.8.4-1.1.x86_64 
NetworkManager-strongswan-1.4.2-1.1.x86_64
strongswan-ipsec-5.6.0-1.1.x86_64 

A laptop has NetworkManager-strongswan installed, but not 
strongswan-ipsec.  I turn on the StrongSwan VPN, whose configuration
used to work.  Syslog shows charon-nm was started, but a dialog 
box appears saying:
Failed to initialize VPN plugin: Connection ":1.49" is not allowed 
    to own the service "org.freedesktop.NetworkManager.strongswan" 
    due to security policies in the configuration file.  

This is not a lie; 
/etc/dbus-1/system.d/org.freedesktop.NetworkManager.conf
from NetworkManager-1.8.4-1.1.x86_64 allows root to own 
org.freedesktop.NetworkManager.strongswan but not any users.  

My workaround was to steal /etc/dbus-1/system.d/nm-strongswan-service.conf
off the server.  This file is provided by strongswan-ipsec which the
server does have.  

https://bugzilla.opensuse.org/show_bug.cgi?id=1035555
appears to be a duplicate of this bug.  So is
https://bugzilla.redhat.com/show_bug.cgi?id=1379537
OP Daniel Uvehag (2016-09-27), nm-strongswan-service.conf is missing, 
workaround by installing from the previous package version. 

Clearly the distro manager has to do something about this, but what? 
Maybe NetworkManager-strongswan should depend on strongswan-ipsec 
(hiss, boo).  Maybe a package that both of them depend on should include
/etc/dbus-1/system.d/nm-strongswan-service.conf .  Actually, since
nm-strongswan-service.conf is explicitly named for NetworkManager, maybe
NetworkManager-strongswan is the best place for it. 
Does strongswan-ipsec actually use this file?