[Openswan Users] Hung sessions in 2.1.[45] under 2.6.7

[Shane Hickey]

Howdy all.  I have a laptop running Gentoo linux that is acting as my firewall/vpn endpoint.  Until recently, I was using Gentoo's hardened sources.  Recently, they have dropped the KLIPS patches from their sources, so I had been patching the kernel manually.  However, I was having some weird behavior so I jumped to 2.6.7 (Gentoo's hardened dev sources).

I built my VPN (under my old kernel) using Openswan 2.1.4  talking to a Cisco VPN Concentrator.  It has been working without problems for quite some time.

However, after I migrated to 2.6.7 I ran into problems.  First, I emerged ipsec-tools so that I could get setkey.  After I got setkey (and rebuilt my kernel for ESP support) I was able to bring my VPN up.

I am able to ping across my VPN (even with 5k packets) without any problems.  However, I can't browse webpages on remote servers, it transfers a tiny bit of the page (maybe the page title) and then it hangs.  Also, I can ssh across the VPN, but if I do 'cat', 'vi' or even 'ls' (basically anything that would have transmitted text back to me) it will also hang.  It sorta sounded like a MTU thing, but then I wouldn't expect the large pings to work.

I also tried to add compress=no to my ipsec.conf and that didn't seem to help.  Has anyone seen behavior like this?  I apologize if it's already been answered.  I really did try and find the solution on my own.

-- 
Shane Hickey <shane at howsyournetwork.com>: Network/System Consultant
GPG KeyID: 777CBF3F
Key fingerprint: 254F B2AC 9939 C715 278C  DA95 4109 9F69 777C BF3F
Listening to: The Cure - The Caterpillar (Flicker Mix)