[Ipsec-tools-users] wrong config for ipsec tunnel

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Dear Users!

I will appreciate any help!  Please tell me what is wrong with my 
configuration.  I am a very BEGINNER and the problem is urgent.

T-H-A-N-K    Y-O-U

network:

a.a.a.a --- (eth) ---- B.B.B.B ---- (ppp- ipsec) ---- C.C.C.C --- (eth) --- 
d.d.d.d

Four machines. 

"BBBB" - is an www-apache server, and:

when I use "BBBB" from "dddd" is works fine, BUT

if I use "BBBB" from "CCCC" - often crashing.

"aaaa" and "dddd" are local networks.

my config:

spdadd B.B.B.B C.C.C.C any -P out ipsec
        esp/tunnel/B.B.B.B-C.C.C.C/require;

spdadd C.C.C.C  B.B.B.B any -P in ipsec
        esp/tunnel/C.C.C.C-B.B.B.B/require;

iptables -t nat -A POSTROUTING -o ppp0 -m policy --dir out --pol ipsec -j 
ACCEPT
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

and a standard racoon.conf:

path pre_shared_key "/etc/racoon/psk.txt";

remote anonymous
{
        exchange_mode aggressive,main;
        doi ipsec_doi;
        situation identity_only;

        my_identifier address;

        lifetime time 2 min;   # sec,min,hour
        initial_contact on;
        proposal_check obey;    # obey, strict or claim

        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2 ;
        }
}

sainfo anonymous
{
        pfs_group 1;
        lifetime time 2 min;
        encryption_algorithm 3des ;
        authentication_algorithm hmac_sha1;
                compression_algorithm deflate ;
}

Linux 2.6.18
ipsec-tools 0.6.6

===END===