Hello Tobias, > I pushed a fix to master [1]. I guess we'll be releasing 5.8.4 soon.
I have applied your fix and after 5 hours, everything is in good shape. Thanks a lot Tobias for the quick response and fix. Cheers, Marco PS: Here is the log: [CFG] <apsil-10.221.128.183|55> found matching child config "apsil-10.221.128.183" with prio 6 [CFG] <apsil-10.221.128.183|55> selecting traffic selectors for other: [CFG] <apsil-10.221.128.183|55> config: 10.221.128.183/32, received: 10.221.0.0/16 => match: 10.221.128.183/32 [CFG] <apsil-10.221.128.183|55> selecting traffic selectors for us: [CFG] <apsil-10.221.128.183|55> config: 10.240.123.0/26, received: 10.240.123.0/26 => match: 10.240.123.0/26 [CFG] <apsil-10.221.128.183|55> selecting proposal: [CFG] <apsil-10.221.128.183|55> no acceptable DIFFIE_HELLMAN_GROUP found [CFG] <apsil-10.221.128.183|55> selecting proposal: [CFG] <apsil-10.221.128.183|55> no acceptable ENCRYPTION_ALGORITHM found [CFG] <apsil-10.221.128.183|55> received proposals: ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ [CFG] <apsil-10.221.128.183|55> configured proposals: ESP:3DES_CBC/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ, ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/NO_EXT_SEQ [IKE] <apsil-10.221.128.183|55> no matching proposal found, sending NO_PROPOSAL_CHOSEN [IKE] <apsil-10.221.128.183|55> queueing INFORMATIONAL task [IKE] <apsil-10.221.128.183|55> delaying task initiation, QUICK_MODE exchange in progress
