<div>Hi.</div>
<div>I have a problem with one VPN connection.</div>
<div>I need a VPN connection between 192.168.0.0/24 and 2.2.2.2.</div>
<div>192.168.0.0/24===1.1.1.1---1.1.1.1.11..INTERNET..2.2.2.2</div>
<div>The VPN server (1.1.1.1) crashes often.</div>
<div>&nbsp;</div>
<div>The last DEBUG messages (plutodebug=all) before the 1.1.1.1 crash are about &#39;conn A-B&#39;.<br><br>
VPN server 1.1.1.1 (openswan 2.4.9):<br>
conn A-B<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; type=tunnel<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; compress=yes<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; auto=start<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; authby=rsasig<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; auth=esp<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; esp=3des-md5<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; pfs=yes<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; leftid=@A_B<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; left=1.1.1.1<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; leftnexthop=1.1.1.1.11<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; leftsubnet=192.168.0.0/24<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; leftrsasigkey=...<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; rightid=@B_A<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; right=2.2.2.2<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; rightrsasigkey=...<br><br>
VPN server 2.2.2.2 (openswan 2.4.7):<br>
conn A-B<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; type=tunnel<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; compress=yes<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; auto=start<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; authby=rsasig<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; auth=esp<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; esp=3des-md5<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; pfs=yes<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; leftid=@B_A<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; left=2.2.2.2<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; leftrsasigkey=...<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; rightid=@A_B<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; right=1.1.1.1<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; rightnexthop=1.1.1.1.11<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; rightsubnet=192.168.0.0/24<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; rightrsasigkey=...<br><br>
I don&#39;t know why there are some strings with &#39;(IPsec SA established)&#39;.
</div>
<div><br>000 &quot;A-B&quot;: 192.168.0.0/24===1.1.1.1[@A_B]---1.1.1.1.11..2.2.2.2[@B_A]; erouted; eroute owner: #40<br>
000 &quot;A-B&quot;:&nbsp;&nbsp;&nbsp;&nbsp; srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;<br>
000 &quot;A-B&quot;:&nbsp;&nbsp; ike_life: 3840s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0<br>
000 &quot;A-B&quot;:&nbsp;&nbsp; policy: RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+UP; prio: 24,32; interface: eth1; encap: esp;<br>
000 &quot;A-B&quot;:&nbsp;&nbsp; newest ISAKMP SA: #35; newest IPsec SA: #40;<br>
000 &quot;A-B&quot;:&nbsp;&nbsp; IKE algorithm newest: 3DES_CBC_192-MD5-MODP1536<br>
000 &quot;A-B&quot;:&nbsp;&nbsp; ESP algorithms wanted: 3DES(3)_000-MD5(1); flags=strict<br>
000 &quot;A-B&quot;:&nbsp;&nbsp; ESP algorithms loaded: 3DES(3)_000-MD5(1); flags=strict<br>
000 &quot;A-B&quot;:&nbsp;&nbsp; ESP algorithm newest: 3DES_0-HMAC_MD5; pfsgroup=&lt;Phase1&gt;<br>
000 #40: &quot;A-B&quot;:500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 28251s; newest IPSEC; eroute owner<br>
000 #40: &quot;A-B&quot; used 222s ago; esp.e8caf0de@2.2.2.2 esp.4030d46a@1.1.1.1 tun.1018@2.2.2.2 tun.1016@1.1.1.1<br>
000 #39: &quot;A-B&quot;:500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 28243s<br>
000 #39: &quot;A-B&quot; esp.e8caf0dd@2.2.2.2 esp.4030d469@1.1.1.1 tun.1017@2.2.2.2 tun.1015@1.1.1.1<br>
000 #35: &quot;A-B&quot;:500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 3239s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0)<br>
000 #38: &quot;A-B&quot;:500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 27906s<br>
000 #38: &quot;A-B&quot; esp.e8caf0df@2.2.2.2 esp.4030d468@1.1.1.1 tun.1014@2.2.2.2 tun.1013@1.1.1.1<br>
000 #37: &quot;A-B&quot;:500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2641s; lastdpd=-1s(seq in:0 out:0)
</div>
<div>&nbsp;</div>
<div>I think that the problem is in the routing table:</div>
<div>1.1.1.1&gt;ip route show | grep 2.2.2.2<br>2.2.2.2&nbsp;via 1.1.1.11 dev ipsec0</div>
<div>&nbsp;</div>
<div>1.1.1.1 VPN server:</div>
<div>IP traffic goes to 2.2.2.2 through dev ipsec0.</div>
<div>But traffic goes from 2.2.2.2 through eth0.</div>
<div>How can I resolve my problem? Change the routing? Or ipsec.conf?</div>
<div>Thank you!</div>