Hi,

I try to solve this now since half a year ant treid all m0n0 versions
in between and slowly get cluelsee.

I have two m0n0s based on WRAPs connected, where one is on a dynamic
IP and one is fixed.

after a while the tunnel drops and the log gets filled with

Jun 30 10:23:17 wall racoon: ERROR:
proposal.c:968:set_proposal_from_policy(): not supported nested SA.
Jun 30 10:23:17 wall racoon: ERROR:
isakmp_quick.c:2072:get_proposal_r(): failed to create saprop.
Jun 30 10:23:17 wall racoon: ERROR:
isakmp_quick.c:1071:quick_r1recv(): failed to get proposal for
responder.
Jun 30 10:23:17 wall racoon: ERROR: isakmp.c:1073:isakmp_ph2begin_r():
failed to pre-process packet.
Jun 30 10:23:27 wall racoon: INFO: isakmp.c:1059:isakmp_ph2begin_r():
respond new phase 2 negotiation:
184.173.155.192[0]<=>184.159.170.90[0]

It seemde to be better with the m0n0 versions with bsd 5.3 and getting
worse with the most current ones.

I played around with the lifetime, with the advanced feature "Prefer
old IPsec SAs" but does not seem to help.

To fix it it seems some time to be sufficient to restart ipsec on the
dynamic mono but usually I have to delete all SAP and SPD and the
restart IPSEC on the remote mono.

Any ideas to fix that situation?

-L