Hi thanks for your answer.<div><br></div><div>We comment "compress=yes" But we steel having the message.</div><div>Actualy we have this message too: failed to install outgoing SA: 0</div><div><br></div><div>The VPN go up, but after few time, the second phase fall and we need to restart the VPN.</div>
<div><br></div><div>Exempl of conf files:</div><div><br></div><div><div>conn vpn-name</div><div> auth=esp</div><div> ike=aes128-md5-modp1024</div><div> authby=secret</div><div> auto=route</div>
<div> #compress=no</div><div> pfs=no</div><div> type=tunnel</div><div> keylife=24h</div><div> esp=null-md5</div><div> left=public-ip-A</div><div> leftid=public-ip-A</div><div>
leftsubnet=subnet-A</div><div> right=public-ip-B</div><div> rightid=public-ip-B</div><div> rightsubnet=subnet-B</div></div><div><br></div><div>/etc/ipsec.d/examples/no_oe.conf</div><div><br></div>
<div><div>conn block </div><div> auto=ignore</div><div><br></div><div>conn private </div><div> auto=ignore</div><div><br></div><div>conn private-or-clear </div><div> auto=ignore</div><div><br></div><div>conn clear-or-private </div>
<div> auto=ignore</div><div><br></div><div>conn clear </div><div> auto=ignore</div><div><br></div><div>conn packetdefault </div><div> auto=ignore</div></div><div><br></div><div>/etc/ipsec.conf</div><div><br></div>
<div><div># /etc/ipsec.conf - Openswan IPsec configuration file</div><div># RCSID $Id: <a href="http://ipsec.conf.in">ipsec.conf.in</a>,v 1.15.2.6 2006/10/19 03:49:46 paul Exp $</div><div><br></div><div># This file: /usr/share/doc/openswan/ipsec.conf-sample</div>
<div>#</div><div># Manual: ipsec.conf.5</div><div><br></div><div><br></div><div>version 2.0 # conforms to second version of ipsec.conf specification</div><div><br></div><div># basic configuration</div><div>config setup</div>
<div> forwardcontrol=yes</div><div> nat_traversal=yes</div><div> uniqueids=no</div><div> nhelpers=0</div><div><br></div><div># Add connections here</div><div><br></div><div># sample VPN connections, see /etc/ipsec.d/examples/</div>
<div><br></div><div>#Disable Opportunistic Encryption</div><div>include /etc/ipsec.d/examples/no_oe.conf</div><div><br></div><div>include /etc/ipsec.d/sites/*.conf</div></div><div><br></div><div><br></div><div>ipsec.secrets</div>
<div><br></div><div>public-ip-A public-ip-B : PSK "passkey"</div><div><br></div><div>lsmod:</div><div><br></div><div><div>Module Size Used by</div><div>xfrm_user 16134 2 </div><div>
ah6 3677 0 </div><div>ah4 3011 0 </div><div>esp6 3781 0 </div><div>xfrm4_mode_beet 1519 0 </div><div>xfrm4_tunnel 1201 0 </div><div>xfrm4_mode_transport 982 0 </div>
<div>xfrm6_mode_transport 1002 0 </div><div>xfrm6_mode_ro 870 0 </div><div>xfrm6_mode_beet 1358 0 </div><div>ipcomp 1356 0 </div><div>ipcomp6 1336 0 </div><div>
xfrm6_tunnel 4033 1 ipcomp6</div><div>af_key 23286 0 </div><div>esp4 3985 3504 </div><div>xfrm4_mode_tunnel 1264 7008 </div><div>xfrm6_mode_tunnel 1196 3504 </div>
<div>iptable_filter 1790 0 </div><div>ip_tables 7706 1 iptable_filter</div><div>x_tables 8327 1 ip_tables</div><div>authenc 4746 3504 </div><div>deflate 1315 0 </div>
<div>zlib_deflate 15822 1 deflate</div><div>ctr 2703 0 </div><div>camellia 16843 0 </div><div>cast5 15593 0 </div><div>rmd160 9448 0 </div>
<div>sha1_generic 1395 0 </div><div>hmac 2033 7008 </div><div>crypto_null 1876 3504 </div><div>tunnel4 1469 1 xfrm4_tunnel</div><div>xfrm_ipcomp 2855 2 ipcomp,ipcomp6</div>
<div>tunnel6 1364 1 xfrm6_tunnel</div><div>rng_core 2178 0 </div><div>ccm 6017 0 </div><div>serpent 16187 0 </div><div>blowfish 7252 0 </div>
<div>twofish 5665 0 </div><div>twofish_common 12560 1 twofish</div><div>ecb 1405 0 </div><div>xcbc 1925 0 </div><div>cbc 2047 0 </div>
<div>sha256_generic 10748 0 </div><div>sha512_generic 8009 0 </div><div>des_generic 15027 0 </div><div>aes_i586 6816 0 </div><div>aes_generic 25738 1 aes_i586</div>
<div>loop 9729 0 </div><div>radeon 511356 0 </div><div>ttm 33258 1 radeon</div><div>drm_kms_helper 18533 1 radeon</div><div>drm 111844 3 radeon,ttm,drm_kms_helper</div>
<div>i3200_edac 2311 0 </div><div>i2c_i801 6462 0 </div><div>container 1833 0 </div><div>i2c_algo_bit 3497 1 radeon</div><div>i2c_core 12751 5 radeon,drm_kms_helper,drm,i2c_i801,i2c_algo_bit</div>
<div>edac_core 23121 2 i3200_edac</div><div>snd_pcm 47226 0 </div><div>snd_timer 12258 1 snd_pcm</div><div>snd 34387 2 snd_pcm,snd_timer</div><div>soundcore 3450 1 snd</div>
<div>snd_page_alloc 4977 1 snd_pcm</div><div>pcspkr 1207 0 </div><div>evdev 5609 2 </div><div>parport_pc 15799 0 </div><div>parport 22554 1 parport_pc</div>
<div>button 3598 0 </div><div>shpchp 21220 0 </div><div>pci_hotplug 18065 1 shpchp</div><div>video 14605 0 </div><div>output 1204 1 video</div>
<div>psmouse 44777 0 </div><div>serio_raw 2916 0 </div><div>processor 26259 0 </div><div>ext3 93944 6 </div><div>jbd 31965 1 ext3</div><div>
mbcache 3762 1 ext3</div><div>sd_mod 25937 8 </div><div>crc_t10dif 1012 1 sd_mod</div><div>usbhid 27872 0 </div><div>hid 50841 1 usbhid</div>
<div>uhci_hcd 15989 0 </div><div>ata_generic 2247 0 </div><div>ata_piix 17704 0 </div><div>it8213 1996 0 </div><div>floppy 40923 0 </div><div>ide_core 59306 1 it8213</div>
<div>3w_xxxx 18465 7 </div><div>libata 115617 2 ata_generic,ata_piix</div><div>thermal 9206 0 </div><div>thermal_sys 9378 3 video,processor,thermal</div><div>scsi_mod 104593 3 sd_mod,3w_xxxx,libata</div>
<div>ehci_hcd 28453 0 </div><div>e1000e 97529 0 </div><div>usbcore 98613 4 usbhid,uhci_hcd,ehci_hcd</div><div>nls_base 4541 1 usbcore</div></div><div><br></div>
<div>Thanks for helping.</div><div><br></div><div>Benoit</div><div><br><div class="gmail_quote">2011/7/12 Paul Wouters <span dir="ltr"><<a href="mailto:paul@xelerance.com">paul@xelerance.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div><div></div><div class="h5">On Mon, 11 Jul 2011, SCHNEIDER Benoit wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
At my office we done a upgrade from a debian etch openswan version to a sqeeze one, and we steel having some problem.<br>
For some distant site we have this error:<br>
<br>
ERROR: netlink response for Add SA comp.9005@XX.XX.XX.XX included errno 22: Invalid argument<br>
add_sa ipcomp failed<br>
<br>
Any idear of this problem ?<br>
<br>
We look to have a MTU problem too, any idear ?<br>
</blockquote>
<br></div></div>
Looks like a kernel with no ipcomp module loaded?<br>
<br>
Comment out compress=yes ?<br><font color="#888888">
<br>
Paul</font></blockquote></div>
</div>