<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-8-i">
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META NAME="Generator" CONTENT="MS Exchange Server version 6.0.6603.0">
<TITLE>Re: [Openswan Users]</TITLE>
</HEAD>
<BODY dir=ltr>
<DIV align=left>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; DIRECTION: ltr; unicode-bidi: embed; TEXT-ALIGN: left"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Hi Paul<?xml:namespace prefix = o ns
= "urn:schemas-microsoft-com:office:office" /><o:p></o:p></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; DIRECTION: ltr; unicode-bidi: embed; TEXT-ALIGN: left"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; DIRECTION: ltr; unicode-bidi: embed; TEXT-ALIGN: left"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">I have my one ipcomp device driver
which compresses the packet and give it a new header (the src and the dest are
of the two hosts). I have a protocol handler on the remote site (symmetrically)
which opens the packet. The IPCOMP device routes the packet back to the routing
table and the packet is routed into ipsec0 (I can see it on the postrouting
chain the out device is ipsec0 and I added printk on the klips so I am sure my
packet arrives the ipsec0 but it is only routed and not
encrypted.<o:p></o:p></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; DIRECTION: ltr; unicode-bidi: embed; TEXT-ALIGN: left"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; DIRECTION: ltr; unicode-bidi: embed; TEXT-ALIGN: left"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Thanks a lot
<o:p></o:p></SPAN></P></DIV>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
<DIV><FONT size=2>-----הודעה מקורית----- <BR><B>מאת:</B> Paul Wouters
[mailto:paul@xelerance.com] <BR><B>נשלח:</B> ד 11/23/2005 6:53 PM
<BR><B>אל:</B> moses reuben <BR><B>עותק לידיעה:</B> users@openswan.org
<BR><B>נושא:</B> Re: [Openswan Users]<BR><BR></DIV></FONT>
<P><FONT size=2>On Wed, 23 Nov 2005, moses reuben wrote:<BR><BR>> My ipsec
hosts are 192.168.20.20 and 172.16.20.20 (the tunnel left and right subnet are
172.16.0.0/16 and 192.168.0.0/16)<BR>> and I'm sending ipcomp traffic from
host to host (I have a device driver generating the ipcomp traffic). I see
that the<BR>> ipcomp traffic passes throw the ipsec0 but isn't encrypted
just routed. Has anyone have an idea why this is happening<BR>> (other
local traffic is encrypted properly).<BR><BR>I am not sure what you mean with
"ipcomp" traffic. The ipcomp kernel<BR>module is only used with NETKEY, not
KLIPS. You seem to be using KLIPS<BR>since you have ipsec0 interfaces.
Traffic needs to be routed into an<BR>ipsec0 device to be processed by KLIPS
and thus get encrypted.<BR><BR>Paul<BR></FONT></P></BLOCKQUOTE>
</BODY>
</HTML>