[Openswan dev]
Re: [Users] FreeSWAN on SuSE Linux and FreeBSD with racoon
interoperate.
Paul Wouters
paul at xelerance.com
Thu Feb 26 13:27:56 CET 2004
On Wed, 25 Feb 2004, Alexander Rusinov wrote:
> I've been trying to install transport IPSec connection between SuSE
> Linux with FreeSWAN host (192.168.1.11) and FreeBSD with racoon host
> (192.168.1.3). I can see Racoon and FreeSWAN establish connection
> successfully, and both hosts start to send encrypted packets, but
> FreeBSD host does not decrypt packets, and I see the following messages
> in it's system log:
>
> /kernel: checksum mismatch in IPv4 AH input: packet(SPI=11911152
> src=192.168.1.11 dst=192.168.1.3) SA(SPI=11911152 src=192.168.1.11
> dst=192.168.1.3)
>
> SuSE Linux host:
> Distribution: SuSE Linux 9.0
> Kernel: linux 2.4.21-144-default
> FreeSWAN: 1.99_0.9.34
>
> FreeBSD host:
> Distribution: FreeBSD 4.6-RELEASE
> Racoon: racoon-20020507a
Can you recompile freeswan and leave out IP compression (CONFIG_IPSEC_IPCOMP) ?
Setting compression=no will still let the freeswan machine respond to a
compression request. So this really requires a recompile.
I have a hunch that the compression between KAME-like stacks and KLIPS do not
interop. (And I think Michael concluded earlier that this is a KAME bug)
Paul
More information about the Dev
mailing list