I have a Linux router running the Ubuntu 2.6.32-25-server kernel. eth0 is connected to the WAN with a public IP address and eth1 is connected to the LAN with an RFC 1918 address. There are two IPsec tunnels over the eth0 interface. BGP (quagga) is being used inside the tunnels to connect private_net-a (my side) with private_net-b (the other side). iptables is being used to allow all IPsec policy traffic from approved origins in the INPUT and FORWARD tables. Both tunnels are up and traffic flows successfully in both directions.

Periodically connectivity is lost, often mid-stream, from hosts on private_net-a to private_net-b. When this happens I can see that packets successfully leave private_net-a via eth0 and the IPsec tunnel. In all cases I can also see the returning packets (on eth0). These packets, however, are not forwarded out of eth1 to the LAN. The routes have not changed. All other tunnel traffic between different endpoint tuples is unaffected. At some point the future communications between this tuple return to normal. At no point do I lose the ability to communicate between the router and any hosts on either private net.

Neither flushing conntrack (conntrack -F) nor the route cache (ip route flush cache) causes immediate relief. I have not tried flushing the kernel forwarding table as I have found no way to do so.

I can certainly provide much more information upon request. Are there any known issues that I may be encountering?

Thanks,
Ed

--
To unsubscribe from this list: send the line "unsubscribe linux-net" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
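Added example (not part of the post above, and not the poster's code): the check the poster did by eye, correlating returning packets seen on eth0 with packets leaving eth1 per flow tuple so that the one tuple the router stops forwarding stands out while other tunnel traffic continues. The capture records are constructed in the shape of `tcpdump -nn -l` output with the capture interface prepended; the addressing (private_net-a = 10.1.0.0/16 behind eth1, private_net-b = 10.2.0.0/16 on the far side of the tunnels) is assumed.

```python
import re
from collections import defaultdict

# Constructed sample capture records, shaped like `tcpdump -nn -l` lines with the
# capture interface prepended. Assumed addressing: private_net-a = 10.1.0.0/16
# (LAN behind eth1), private_net-b = 10.2.0.0/16 (far side of the tunnels).
SAMPLE_RECORDS = [
    ("eth0", "12:00:01.000 IP 10.2.0.5.22 > 10.1.0.7.51000: Flags [P.], seq 1:101"),
    ("eth1", "12:00:01.001 IP 10.2.0.5.22 > 10.1.0.7.51000: Flags [P.], seq 1:101"),
    ("eth0", "12:00:02.000 IP 10.2.0.9.443 > 10.1.0.8.40000: Flags [.], ack 1"),
    ("eth0", "12:00:02.500 IP 10.2.0.9.443 > 10.1.0.8.40000: Flags [P.], seq 1:51"),
    ("eth0", "12:00:03.000 IP 10.2.0.5.22 > 10.1.0.7.51000: Flags [.], ack 5"),
    ("eth1", "12:00:03.001 IP 10.2.0.5.22 > 10.1.0.7.51000: Flags [.], ack 5"),
]

# timestamp, "IP", src.port > dst.port:
LINE_RE = re.compile(
    r"^(\S+) IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")


def parse_record(iface, line):
    """Return (iface, (src, sport, dst, dport)), or None for lines we do not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return iface, (m.group(2), int(m.group(3)), m.group(4), int(m.group(5)))


def forwarding_gaps(records, wan_if="eth0", lan_if="eth1", lan_prefix="10.1."):
    """Count, per returning flow tuple (destination inside the LAN), how many
    packets were seen on the WAN side versus the LAN side. Tuples seen on wan_if
    but never on lan_if are the ones the router is not forwarding."""
    seen = defaultdict(lambda: {wan_if: 0, lan_if: 0})
    for iface, line in records:
        parsed = parse_record(iface, line)
        if parsed is None or parsed[0] not in (wan_if, lan_if):
            continue
        tup = parsed[1]
        if not tup[2].startswith(lan_prefix):
            continue  # only inbound (returning) traffic toward the LAN
        seen[tup][iface] += 1
    return {t: c for t, c in seen.items() if c[wan_if] > 0 and c[lan_if] == 0}


if __name__ == "__main__":
    for tup, counts in forwarding_gaps(SAMPLE_RECORDS).items():
        print(f"not forwarded: {tup[0]}:{tup[1]} -> {tup[2]}:{tup[3]} "
              f"(eth0 {counts['eth0']}, eth1 {counts['eth1']})")
```

On a real router the two inputs would be separate captures of eth0 (post-decryption, so the inner addresses are visible) and eth1 taken over the same window.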