Nonetheless, tcpdump registered lots of traffic during the whole night.
So what does it say and how does that compare to e.g. the Pluto logs? Have you tried using tcpdump on the FreeS/WAN machine itself?
Pluto says this:
Sep 12 11:01:52 uhura kernel: klips_debug:gettdb: linked entry in tdb table for hash=175 of SA:esp0x41b4818@<gateA> requested. Sep 12 11:01:52 uhura kernel: klips_debug:gettdb: linked entry in tdb table for hash=230 of SA:tun0x1002@<gateB> requested.
That's what KLIPS says, not Pluto. Set plutodebug to 'all' and see what Pluto says.
tcpdump says this:
11:03:52.085197 62.180.107.34 > <gateA>: ESP(spi=0x041b4818,seq=0x7dc) 11:03:52.086084 62.180.107.146 > <gateB>: ESP(spi=0x7511fb3c,seq=0x936)
Note, <gateA> is the IP-address of the one ipsec-gateway, <gateB> the one from the other ipsec-gateway.
What are the machines 62.180.107.34 and 62.180.107.146, not <gateB> and <gateA> respectively, by chance? Where did you sniff this, on which machine? Have you tried using tcpdump on <gateA> and <gateB>, perhaps specifying the ipsec0 interface (assuming that's the one you use)? If not, do so. Cya, Tobias