I will start by saying that the problem occurs randomly. Most of the time the system works correctly.
At the University of Murcia we have a CCR1072-1G-8S+ configured to provide VPN service to dozens of users in a road warrior configuration.
The problem is that even though VPN clients connect using either IPSec or L2TP over IPSec, the tunnel does not work.
Authentication is done via RADIUS. They get an IP from RADIUS and the route table of their devices shows a route with the highest priority through the tunnel.
When reviewing the logs on the VPN client end (Linux, Mac and Windows) we have seen these IPSec NO-PROPOSAL-CHOSEN information messages in phase 2 IPSec. We have already expanded the phase 2 cryptographic set on the CCR1072 with more authentication and encryption algorithms.
As a curiosity, I will comment that the only anomaly I have found is that, of the 72 cores, core number 15 reaches 100% CPU use most of the time. We have disabled firewall rules and the CPU usage of core 15 is still high. The result of profiling CPU 15 yields a high percentage of CPU usage and secondly a high percentage of network usage.
The WAN interface reaches traffic peaks of 120Mbps. It’s autonegotiated at 1Gbps. There is no saturation of the WAN interface.
The software version is 4.46.4
As I said, the problem occurs randomly.
Thanks in advance