[Openswan Users] Hanging connections

[David Williams]

Hello all

Thanks for the help over the weekend, I was most impressed to get an 
answer on Sunday morning. The leftsourceip option solved that problem, 
however another more serious one has come to light.

I have a gentoo linux gateway (kernel 2.6.15) running openswan 2.4 and
connecting to a Zxyel 652 router. The connection comes up find and I can 
ping back and forth no problem. However I can only recieve a small 
amount of data before the connection hangs up. For example I start a 
manual POP3 session from the gateway to a computer at the Zyxel end and 
retrieve 2 small emails and the connection just hangs on the third.

I have another gentoo PC, (this one) with a similar config at another 
location and it works fine. The main difference between the two is that 
the problem system is a 64bit AMD Sempron with 64 bit kernel and 
software while this one is a 32bit Athlon. Could that be relevent?

I had a problem setting the Openswan up because there wasn't enough 
entropy in /dev/random, I had to use /dev/urandom instead when 
generating a host key.

I'm running Shorewall (2.4.2) on both systems and have applied the 
policy patch to both kernels and recompiled iptables. I have just 
updated the iptables on the problem machine to 1.3.5 but that made no 
difference. The version of IPsec-tools is 0.6.3

I've looked in the logs and nothing leaps out at me although I admit 
that I'm not really sure what I'm looking at!


conn remote
    type=tunnel
    left subnet=192.168.53.0/24
    left sourceip=192.168.53.253
    left=6.7.8.9
    leftnexthop=%direct
    right=1.2.3.4
    rightsubnet=192.168.52.0/24
    rightnexthop=%direct
    keyexchange=ike
    auth=esp
    authby=secret
    pfs=no
    auto=start

Any help or pointers about where to start looking would be greatly 
appreciated as I'm being given a lot of grief right now.

thanks

David Williams