Hi all, We are facing this problem, maybe there is any advice you could give us.
We are configuring two libreswan (v4.4) instances which are going to be a main and a backup endpoints for a Cisco ASA. The connection works well when the configured as main libreswan endpoint has ipsec running, but when we test to stop ipsec on this main instance the backup instance do not complete the authentication process. We have switched both instances in the Cisco configuration side but, always, the instance configured as main works as expected, while the backup do not. The backup instance has been rebooted, the ipsec service has been restarted and we even tested to switch off the main instance to avoid the possibility of some blocked connection. This is the error that appears on the pluto log: Sep 7 10:53:27.711642: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 7 10:53:27.711657: | error notification v2N_NO_PROPOSAL_CHOSEN is not supported Sep 7 10:53:27.711694: | selected state microcode roof Sep 7 10:53:27.711706: "vpn/1x1" #4: dropping unexpected IKE_AUTH message containing NO_PROPOSAL_CHOSEN notification; message payloads: SK; encrypted payloads: IDr,AUTH,N,V; unexpected payloads: IDr,AUTH Sep 7 10:53:27.711716: | #4 complete_v2_state_transition() PARENT_I2->ESTABLISHED_CHILD_SA with status STF_FATAL; md.svm=NULL Sep 7 10:53:27.711722: "vpn/1x1" #4: encountered fatal error in state STATE_PARENT_I2 Sep 7 10:53:27.711726: | Message ID: forcing a response received update I hope this is enough information, thanks in advance! Kind regards -- [image: Logo Especialidad] *Miguel Ponce Antolín.* Sistemas · +34 670 360 655 [image: Linea] [image: Logo Paradigma] · paradig.ma <https://www.paradigmadigital.com/> · contáctanos <https://www.paradigmadigital.com/contacto> · [image: Twitter] <https://twitter.com/paradigmate> [image: Youtube] <https://www.youtube.com/user/ParadigmaTe?feature=watch> [image: Linkedin] <https://www.linkedin.com/company/paradigma-digital/> [image: Instagram] <https://www.instagram.com/paradigma_digital/?hl=es>
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
