[Openswan Users] Windows XP <-> Debian

Brian Sheets brians at fl240.com
Sat Jul 22 17:01:47 CEST 2006


Hi

I am running debian vmlinuz-2.6.8-2-386, with openswan 1:2.2.0-8, l2tpd
0.70-pre20031121-2 as the openswan box

Windows XP SP2, using windows vpn client


My network is

192.168.23.x  (x:1 NAT) <-> netscreen 5gt <-> internet <-> debian box
<-> 10.x.x.x (1:1 NAT)

My ipsec.conf

version 2.0

config setup
     interfaces=%defaultroute
     nat_traversal=yes
     klipsdebug=all
     plutodebug=all
     uniqueids=yes

conn %default
     keyingtries=1
     compress=yes
     disablearrivalcheck=no
     authby=rsasig
     leftrsasigkey=%cert
     rightrsasigkey=%cert

conn L2TP-CERT
     #
     # Use a certificate. Disable Perfect Forward Secrecy.
     #
     authby=rsasig
     pfs=no
     left=xx.xx.205.201
     leftnexthop=%defaultroute
     leftrsasigkey=%cert
     leftcert=/etc/ipsec.d/certs/myhost.pem
     leftsendcert=always
     leftprotoport=17/1701
     #
     # The remote user.
     #
     right=%any
     rightrsasigkey=%cert
     rightprotoport=17/1701
     #
     # Authorize this connection, and wait for connection from user.
     #
     auto=add
     keyingtries=3


I am able to connect and route, which surprised the hell out of me
because it took me 3 days to get it to work. My problem is, when I
connect more than one computer, only one will ping hosts on the 10.x.x.x
at any given time, even though both stay connected.

I am logging in as two separate users, but I am using the same cert.

I followed http://www.natecarlson.com/linux/ipsec-x509.php for the
generation and use of the keys

Anyone got any ideas?

sb
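
An added example, not part of the original post and not Openswan's own code: a small Python parser that reads the ipsec.conf above (copied inline as a constructed sample), merges conn %default into conn L2TP-CERT the way Openswan does, and lists the settings a reviewer would look at before chasing the two-client problem. The note about uniqueids restates the documented ipsec.conf(5) semantics (a new connection presenting an ID already in use from another address replaces the old one); the note about rightca assumes the Openswan 2.x rightca= parameter. The notes are reading aids, not a diagnosis of the poster's setup.

```python
"""Parse an Openswan-style ipsec.conf and report the effective settings of a
connection plus a few review notes. Added example; not from the original post."""
import re

# Constructed copy of the configuration from the post (address left as posted).
SAMPLE_CONF = """\
version 2.0

config setup
     interfaces=%defaultroute
     nat_traversal=yes
     klipsdebug=all
     plutodebug=all
     uniqueids=yes

conn %default
     keyingtries=1
     compress=yes
     disablearrivalcheck=no
     authby=rsasig
     leftrsasigkey=%cert
     rightrsasigkey=%cert

conn L2TP-CERT
     #
     # Use a certificate. Disable Perfect Forward Secrecy.
     #
     authby=rsasig
     pfs=no
     left=xx.xx.205.201
     leftnexthop=%defaultroute
     leftrsasigkey=%cert
     leftcert=/etc/ipsec.d/certs/myhost.pem
     leftsendcert=always
     leftprotoport=17/1701
     right=%any
     rightrsasigkey=%cert
     rightprotoport=17/1701
     auto=add
     keyingtries=3
"""

SECTION_RE = re.compile(r"^(config|conn)\s+(\S+)\s*$")


def parse_ipsec_conf(text):
    """Return {('conn', name): {key: value}, ('config', 'setup'): {...}}.
    Section headers start in column 0; parameters are indented key=value
    lines; '#' starts a comment; the 'version' line is skipped."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip() or line.startswith("version"):
            continue
        m = SECTION_RE.match(line)
        if m:
            current = (m.group(1), m.group(2))
            sections[current] = {}
            continue
        if current is None or not raw[0].isspace():
            raise ValueError("parameter outside a section: %r" % raw)
        key, sep, value = line.strip().partition("=")
        if not sep:
            raise ValueError("malformed parameter line: %r" % raw)
        sections[current][key.strip()] = value.strip()
    return sections


def effective_conn(sections, name):
    """Merge 'conn %default' under the named conn, as Openswan does."""
    merged = dict(sections.get(("conn", "%default"), {}))
    merged.update(sections[("conn", name)])
    return merged


def review(sections, name):
    """Review notes for the named conn (reading aids, not a diagnosis)."""
    setup = sections.get(("config", "setup"), {})
    conn = effective_conn(sections, name)
    notes = []
    # ipsec.conf(5): uniqueids=yes (the default) deletes an existing connection
    # when a new one from a different IP address presents the same ID; road
    # warriors sharing one certificate share one ID.
    if setup.get("uniqueids", "yes") == "yes" and conn.get("right") == "%any":
        notes.append("uniqueids=yes with right=%any: clients must present "
                     "distinct IDs (distinct certificates)")
    for key in ("klipsdebug", "plutodebug"):
        if setup.get(key) == "all":
            notes.append("%s=all: full debug logging; disable once the "
                         "tunnel works" % key)
    if conn.get("pfs") == "no":
        notes.append("pfs=no: quick mode without PFS is accepted (needed "
                     "for the stock Windows client)")
    # Assumption: with rightrsasigkey=%cert and no rightid/rightca, any
    # certificate chaining to a CA in /etc/ipsec.d/cacerts is accepted.
    if conn.get("rightrsasigkey") == "%cert" and "rightid" not in conn \
            and "rightca" not in conn:
        notes.append("no rightid/rightca: any cert from a trusted CA is "
                     "accepted; rightca= narrows this")
    return notes


if __name__ == "__main__":
    secs = parse_ipsec_conf(SAMPLE_CONF)
    for k, v in sorted(effective_conn(secs, "L2TP-CERT").items()):
        print("%-20s %s" % (k, v))
    for n in review(secs, "L2TP-CERT"):
        print("NOTE:", n)
```

Running it prints the merged conn (keyingtries=3 from the conn wins over the %default value of 1; compress=yes is inherited) followed by the review notes.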


