[Openswan Users] routing problem with 2.6.1x kernel and openswan 2.x

Andraz Sraka a at aufbix.org
Fri Jun 3 17:38:11 CEST 2005


re

I'm having strange problems with two ipsec routers. One is running
Debian Sarge / vanilla 2.6.10 kernel with openswan 2.2, the other is
running Debian Sarge / vanilla 2.6.11.10 kernel with openswan 2.3. On
the other side are CyberGuard/SG570 (linux 2.4.x + SnapGear ipsec-tools)
ipsec routers and linux boxes with freeswan 1.98.

Whenever I want to connect two subnets, for instance

Location A   Openswan U2.2.0/K2.6.10      Cyberguard/SG570   Location B
192.168.31.0/24===[x]----------- internet -----[z]===172.16.0.0/16

or

Location A   Openswan U2.3.0/K2.6.11.10     Freeswan 1.98   Location B
10.10.10.0/28===[x]----------- internet -----[z]===192.168.1.0/24

the routing from one network to the other only works for a short period of
time (usually from 10 minutes up to 1 hour ..). Routes are in the
routing table (according to 'ip route show') and there is no firewall in
between .. and IP packets can no longer get from one network to the
other. After restarting ipsec or refreshing the ipsec connection (ipsec
auto --down/--up) it works again .. but again only for a short period of
time.

I've already checked kernel logs and ipsec logs on both sides, and I
cannot locate where the problem can be, since logs don't include any
errors.

Any clues?


regards,
 Andraz

-- 
BOFH excuse #241:

_Rosin_ core solder? But...