V4.5 addresses some connection switching issues which might be what you are experiencing
Sent using a virtual keyboard on a phone > On Sep 8, 2021, at 10:12, Miguel Ponce Antolin <[email protected]> > wrote: > > > Hi all, > > We are facing this problem, maybe there is any advice you could give us. > > We are configuring two libreswan (v4.4) instances which are going to be a > main and a backup endpoints for a Cisco ASA. > > The connection works well when the configured as main libreswan endpoint has > ipsec running, but when we test to stop ipsec on this main instance the > backup instance do not complete the authentication process. > > We have switched both instances in the Cisco configuration side but, always, > the instance configured as main works as expected, while the backup do not. > The backup instance has been rebooted, the ipsec service has been restarted > and we even tested to switch off the main instance to avoid the possibility > of some blocked connection. > > This is the error that appears on the pluto log: > > Sep 7 10:53:27.711642: | processing payload: ISAKMP_NEXT_v2N (len=0) > Sep 7 10:53:27.711657: | error notification v2N_NO_PROPOSAL_CHOSEN is not > supported > Sep 7 10:53:27.711694: | selected state microcode roof > Sep 7 10:53:27.711706: "vpn/1x1" #4: dropping unexpected IKE_AUTH message > containing NO_PROPOSAL_CHOSEN notification; message payloads: SK; encrypted > payloads: IDr,AUTH,N,V; unexpected payloads: IDr,AUTH > Sep 7 10:53:27.711716: | #4 complete_v2_state_transition() > PARENT_I2->ESTABLISHED_CHILD_SA with status STF_FATAL; md.svm=NULL > Sep 7 10:53:27.711722: "vpn/1x1" #4: encountered fatal error in state > STATE_PARENT_I2 > Sep 7 10:53:27.711726: | Message ID: forcing a response received update > > I hope this is enough information, thanks in advance! > > Kind regards > > -- > > > Miguel Ponce Antolín. > Sistemas · +34 670 360 655 > > · paradig.ma · contáctanos · > > _______________________________________________ > Swan mailing list > [email protected] > https://lists.libreswan.org/mailman/listinfo/swan
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
