[Openswan Users] ipsec always up, but transfer interrupted

Daniel Fenert daniel at fenert.net
Wed Nov 3 00:01:33 CET 2004


I wrote here some time ago (in August) about my problems with openswan.
I'll try again, maybe this time someone will come up with some good idea.

The problem is that the openswan connection is stable, with no problems in the logfile, but
from time to time there's a break in transfer through the ipsec0 interface.
During this break, I can usually ping from left to right using the unencrypted
link. Running tcpdump on ipsec0 helps with the break for some time.
Also, pinging from one network to the other sometimes eliminates the break.

The connection is network-to-network; one end is a road warrior.
Simplest setup:
conn rp2
        left=__MY_IP__
        leftnexthop=__MY_ROUTER__
        leftsubnet=192.168.0.0/16
        right=0.0.0.0
        rightsubnet=192.168.2.0/24
        auto=add
        leftcert=rimmon.crt
        rightcert=rp2.crt
        pfs=no

I have a feeling that the problem lies somewhere in the kernel/network setup. Both
routers are internet gateways (SNAT/MASQUERADE) for their networks.

Here's the .config from the main router:
http://daniel.fenert.net/.config_rimmon

Please take a look at this .config and tell me if there are some 'conflicting
options' or something just set up wrong.

-- 
Daniel Fenert                 --==> daniel at fenert.net <==--

