[Openswan Users] Loss problems with OpenSwan

[Cristian Petrescu]

Dear Users,
   I've been using OpenSwan CentOS 6.4 ( 2.6.32-358.2.1.el6.x86_64 ) for 
some time, it works well but from time to time we start experiencing 
around 2-3% loss on the connection. If we restart both openswan ends the 
loss goes away, I wasn't able to determine when and why the loss occurs. 
I've checked /var/log/secure and there isn't anything happening out of 
normal. I've had problems in the past with ksoftirqd reaching 100% but 
after setting /proc/sys/net/ipv4/xfrm4_gc_thresh to 100 and installing 
irqbalance that ksoftirqd was solved. Please help me solve this issue, 
below is the configuration:

HOST2:
# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual:     ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf

version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
         protostack=netkey
         virtual_private=%v4:10.122.0.0/16
         oe=off
         nhelpers=0

conn host1host2
         dpdaction=restart_by_peer
         dpdtimeout=60
         dpddelay=10
         left=<host2 public ip>
         leftsubnets={10.122.1.1/32,<host2 public ip>/32}
         leftid=@host2
         leftnexthop=%defaultroute
         right=<host1 public ip>
         rightsubnets={10.122.3.0/24,<host1 public ip>/32}
         rightid=@host1
         rightnexthop=%defaultroute
         auto=start
         authby=secret
         type=tunnel

On HOST2, 10.122.1.1 is assigned to lo:0
On HOST1, 10.122.3.2 is assigned to a network interface that is gateway 
for the equipments in that network in order to reach 10.122.1.1
HOST2 and HOST1 have the same ipsec.conf configuration.

Best regards,
Cristi