[Openswan Users] VPN starts but fails two minutes later

Fri Aug 18 10:23:58 EDT 2006

Hi all,

i'm new to openswan and i've difficulties to create VPN between a linux box and my WinXP computer:

---------      ---------
| WinXP | <--> | Linux | <--> LAN
---------      ---------

WinXP : 192.168.9.185
Linux : 192.168.9.235 and 192.168.5.235
LAN   : 192.168.5.0/24

Here is one of my ipsec.conf files (i try a lot of things but without success!)

config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.5.0/255.255.255.0,%v4:!192.168.2.0/255.255.255.0

conn %default
        keyingtries=0
        disablearrivalcheck=no

conn Test
        keyingtries=3
        rekey=no
        left=192.168.9.235
        leftnexthop=%defaultroute
        leftsubnet=192.168.5.0/255.255.255.0
        right=192.168.9.185
        rightsubnet=vhost:%no,%priv
        dpddelay=30
        dpdtimeout=120
        dpdaction=clear
        authby=secret
        auto=add

When i try to create VPN, it works but it fails two minutes after! 
When i look at connection status on winXP, i can see the total of bytes send increase but not the total of bytes received.

When i loook at the routing table on the linux box, i can saw a line :

 Destination    Gateway        Genmask          Iface
192.168.9.185  192.168.9.185  255.255.255.255  ipsec0

but this route disapear a few seconds after. Is it normal? I think not...

Also, i have a question about nat-transversal, openswan is already patched but i think this options should be on 'no'. Am i wrong?

I use Openswan 1.0.7, i know it's an old version but i can success to open VPN with that version, it's better!

Thanks a lot for your help and sorry for my english, i'm french!

Ludo.