[Openswan Users] Re:2.6.13+Klipsproblems

[Andrew Congdon]

> > Is your interface being down'ed
> > briefly?
>
> No it's just the ipsec0 connectivity which is being lost. Can still talk
> to the public target address just not through the tunnel.

Well that's wrong! Checked it again and I'm definitely losing connection to
the public address:

64 bytes from XXX.XXX.XXX.XXX: icmp_seq=36 ttl=62 time=506 ms
64 bytes from XXX.XXX.XXX.XXX: icmp_seq=37 ttl=62 time=731 ms
64 bytes from XXX.XXX.XXX.XXX: icmp_seq=38 ttl=62 time=1005 ms
64 bytes from XXX.XXX.XXX.XXX: icmp_seq=59 ttl=62 time=39.0 ms

and that loss corresponds to the message:

klips_error:ipsec_xmit_send: ip_send() failed, err=-1


Now watching more carefully I can get that message and not lose the connection
(hence my original answer).
Either way I don't not lose connectivity with the ISP upstream router, so
I assume the interface is staying up, although the times do blow out:

64 bytes from X.X.X.X: icmp_seq=142 ttl=255 time=599 ms
64 bytes from X.X.X.X: icmp_seq=143 ttl=255 time=906 ms
64 bytes from X.X.X.X: icmp_seq=144 ttl=255 time=1232 ms
64 bytes from X.X.X.X: icmp_seq=145 ttl=255 time=1220 ms
..
64 bytes from X.X.X.X: icmp_seq=184 ttl=255 time=14.8 ms
64 bytes from X.X.X.X: icmp_seq=185 ttl=255 time=14.7 ms


Maybe I should just add a ceiling to the gre interfaces bandwidth
and see if that has any effect?

--
Andrew