[Openswan Users] ipsec and "connect: Resource Temporarily Unavailable"

[Wang Rafael]

hi:
  I have a problem while use ipsec on 2.6 kernel. The Linux box is mandrav 
2006 Free edition with openswan 2.4.6. I update the kernel to 2.6.18, so 
that NAT and IPSEC could work well on the same box. 
  Network :
                              Internet
                                  |
                                  |
subnet1==========gateway1---------|-----------gateway2=========subnet2
                                  |
local net   IPSec/NAT gateway    vpn     IPSec/NAT gateway     local net
  Local net subnet1 and subnet2 does not know each other. The gateway 
starts both IPSEC and NAT service on the same box. Nodes in subnet could 
connect to Internet by NAT on gateway. Connection between gateway1 and 
gateway2 is encrypted.

  Problem:
 1. When IPSEC connection is established, everything goes well. But any 
node in this network has trouble while connectting to a new host. For 
Example, there is a node x in subnet2. Where node x ping a new host, it 
gets the message: "connect: Resource Temporarily Unavailable". The new host 
could be in anywhere, gateway1, gateway2, or some hosts on Internet. 
 2. When the IPSEC service is started, subnet's network is very slow, 
whatever connection established or not. If IPSEC service is stoped, any 
nodes in subnet1 or subnet2 could open a web page in several seconds, maybe 
2 or 3. If IPSEC service is started, we need about 2minutes(max) to open a 
web page, and sometimes we cannot open web pages.

  Sorry about my pool English. I hope you can understand what I mean. 
  My real name is Wang Xiaoqi. I come from China. You could call me Rafael.
  Thanks!
                                                                            
  Rafael

_________________________________________________________________
享用世界上最大的电子邮件系统― MSN Hotmail。  http://www.hotmail.com