[Openswan dev] disabling compression?

Paul Wouters paul at xtdnet.nl
Mon Feb 9 16:33:15 CET 2004

>From the manpage:

      compress      whether IPComp compression of content is proposed on  the
                     connection  (link-level  compression  does  not  work  on
                     encrypted data, so to be effective, compression  must  be
                     done before encryption); acceptable values are yes and no
                     (the default).  The two ends need not agree.  A value  of
                     yes  causes  IPsec  to propose both compressed and uncom-
                     pressed, and prefer compressed.  A value of  no  prevents
                     IPsec  from proposing compression; a proposal to compress
                     will still be accepted.

I have a feelings some things might be breaking because the IPCOMP from the 2.6
native stack (26sec) is not compatible with how KLIPS implements it. 

Is there a way of completely disabling this with KLIPS, even if the other end
proposes this? If so, the docs need to be fixed. If not, consider it a
feature request.

As a workaround, I'll compile without IPSEC_COMP, changed in 
./linux/net/ipsec/defconfig. (I assume this is the right place, since we no
longer patch /usr/src/linux/.config)


More information about the Dev mailing list