Good day to everyone.
Have client with Fortigate in HA cluster. Site2site IPsec VPN establishes w/o any trouble. But after 2nd phase completes i see multiply INVALID_SPI at my side:
VPN-IPSEC: "peer-50.***.2-tunnel-10" #12: ignoring informational payload, type INVALID_SPI
Tunnel #10 is only as example, same error is for each tunnel.
Cisco has feature crypto isakmp invalid-spi-recovery
to fix this. Is there any chance that VyOS strongswan has such feature, like add/remove charon plugin? My side 1.1.7 VyOS as VM, clients’ - Fortigate 100E.
Any thoughts?
Thank you in advance.
Alex M.