ipsec passthrough freezes

[Mike Wolman <mike_(_at_)_nux_(_dot_)_co_(_dot_)_uk>]

Hi,

I have an OpenBSD 3.5 release box i am having problems with, it has an em 
parent interface with about 30 vlans on it.

Things had been running fine for about 6 months and then the machine 
simply froze with no sign of why.  I did all the normal checks and 
replaced memory, i even replaced the whole machine with a well tested one
(3 different network card manufacturers tried - em, fxp, xl).

Eventually i tracked this problem down to a 2 clients on the same vlan 
using sonicwall global vpn client (version 2.2.2.210) to connect to the 
same external vpn server, as soon as the second client makes the 
connection the box simply dies.  From the spec of the vpn software is 
supports ipsec pass-though and nat-t - even if it doesnt work it shouldnt 
be able to bring the firewall down.

Over the past few months I have tested this with OpenBSD 3.5, 3.6 and in 
desperation tried FreeBSD 5.2 and 5.3.  All just freeze up as soon as the 
second client starts their vpn client software.

All the machine is doing is natting the internal network and no cleverness 
in pf with multiple connections or altq or any vpns from the firewall 
(isakmpd is not running on the box).

Has anybody else experience this with natting vpn clients?

As a fix i have simply moved this client to a dumb hub and adsl modem, 
however this is not ideal as we have no control over the traffic.

Mike.