<div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif;color:#073763"><div class="gmail_default">Hi all,</div><div class="gmail_default"><br></div><div class="gmail_default">We are facing this problem, maybe there is any advice you could give us.</div><div class="gmail_default"><br></div><div class="gmail_default">We are configuring two libreswan (v4.4) instances which are going to be a main and a backup endpoints for a Cisco ASA.</div><div class="gmail_default"><br></div><div class="gmail_default">The connection works well when the configured as main libreswan endpoint has ipsec running, but when we test to stop ipsec on this main instance the backup instance do not complete the authentication process.</div><div class="gmail_default"><br></div><div class="gmail_default">We have switched both instances in the Cisco configuration side but, always, the instance configured as main works as expected, while the backup do not. The backup instance has been rebooted, the ipsec service has been restarted and we even tested to switch off the main instance to avoid the possibility of some blocked connection.</div><div class="gmail_default"><br></div><div class="gmail_default">This is the error that appears on the pluto log:</div><div class="gmail_default"><br></div></div><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div class="gmail_default" style="font-family:verdana,sans-serif;color:#073763"><div class="gmail_default"><p id="gmail-m_987634893854384361gmail-docs-internal-guid-c17b32d1-7fff-c44f-87dc-5c6b8397b6ba" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10.5pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Sep  7 10:53:27.711642: | processing payload: ISAKMP_NEXT_v2N (len=0)</span></p></div></div><div class="gmail_default" style="font-family:verdana,sans-serif;color:#073763"><div class="gmail_default"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10.5pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Sep  7 10:53:27.711657: | error notification v2N_NO_PROPOSAL_CHOSEN is not supported</span></p></div></div><div class="gmail_default" style="font-family:verdana,sans-serif;color:#073763"><div class="gmail_default"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10.5pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Sep  7 10:53:27.711694: | selected state microcode roof</span></p></div></div><div class="gmail_default" style="font-family:verdana,sans-serif;color:#073763"><div class="gmail_default"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10.5pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Sep  7 10:53:27.711706: "vpn/1x1" #4: dropping unexpected IKE_AUTH message containing NO_PROPOSAL_CHOSEN notification; message payloads: SK; encrypted payloads: IDr,AUTH,N,V; unexpected payloads: IDr,AUTH</span></p></div></div><div class="gmail_default" style="font-family:verdana,sans-serif;color:#073763"><div class="gmail_default"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10.5pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Sep  7 10:53:27.711716: | #4 complete_v2_state_transition() PARENT_I2->ESTABLISHED_CHILD_SA with status STF_FATAL; md.svm=NULL</span></p></div></div><div class="gmail_default" style="font-family:verdana,sans-serif;color:#073763"><div class="gmail_default"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10.5pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Sep  7 10:53:27.711722: "vpn/1x1" #4: encountered fatal error in state STATE_PARENT_I2</span></p></div></div><div class="gmail_default" style="font-family:verdana,sans-serif;color:#073763"><div class="gmail_default"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10.5pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Sep  7 10:53:27.711726: | Message ID: forcing a response received update</span></p></div></div></blockquote><div class="gmail_default" style="font-family:verdana,sans-serif;color:#073763"><div class="gmail_default"><br></div><div class="gmail_default">I hope this is enough information, thanks in advance!</div><div class="gmail_default"><br></div><div class="gmail_default">Kind regards</div></div><div><br></div>-- <br><div dir="ltr" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div>
          <div><div>
          <div><div>
                  <div><div>
                  <div><br>

                    <img alt="Logo Especialidad" src="https://webs.paradigmadigital.com/pd-signature/img/Sistemaschico.png" width="60">

                    <p><strong><span style="margin-top:10px;font-size:17px;color:black">Miguel Ponce Antolín</span><span style="color:rgb(255,69,67);font-size:16px">.</span></strong><br>

                        <span style="font-size:11px;color:black">Sistemas</span>  

                        <span style="font-size:11px;color:black"> ·    +34 670 360 655</span><br>

                        

                        <img style="margin-top:10px;margin-bottom:10px" alt="Linea" src="https://webs.paradigmadigital.com/pd-signature/img/linea.png"><br>

                        <img alt="Logo Paradigma" src="https://webs.paradigmadigital.com/pd-signature/img/logo.png" width="14">  

                        <span style="color:rgb(24,31,44);font-size:11px">·</span>  

                        <a style="color:rgb(24,31,44);text-decoration:none" href="https://www.paradigmadigital.com/" target="_blank"><font size="1">paradig.ma</font></a>  

                        <span style="color:rgb(24,31,44);font-size:11px">·</span>  

                        <a style="color:rgb(24,31,44);text-decoration:none" href="https://www.paradigmadigital.com/contacto" target="_blank"><font size="1">contáctanos</font></a>  

                        <span style="color:rgb(24,31,44);font-size:11px">·</span>  

                        <a href="https://twitter.com/paradigmate" target="_blank"><img style="margin-top:2px" alt="Twitter" src="https://webs.paradigmadigital.com/pd-signature/img/twitter.png" width="13"></a> 

                        <a href="https://www.youtube.com/user/ParadigmaTe?feature=watch" target="_blank"><img style="margin-top:2px" alt="Youtube" src="https://webs.paradigmadigital.com/pd-signature/img/youtube.png" width="13"></a> 

                        <a href="https://www.linkedin.com/company/paradigma-digital/" target="_blank"><img style="margin-top:2px" alt="Linkedin" src="https://webs.paradigmadigital.com/pd-signature/img/linkedin.png" width="13"></a> 

                        <a href="https://www.instagram.com/paradigma_digital/?hl=es" target="_blank"><img style="margin-top:2px" alt="Instagram" src="https://webs.paradigmadigital.com/pd-signature/img/instagram.png" width="13"></a> 
                    </p>
        </div>
      </div></div>
      </div></div>
      </div></div>
      </div></div></div></div></div></div>