[Openswan dev] Re: [Users] FreeSWAN on SuSE Linux and FreeBSD with racoon interoperate.

Paul Wouters paul at xelerance.com
Thu Feb 26 13:27:56 CET 2004

On Wed, 25 Feb 2004, Alexander Rusinov wrote:

> I've been trying to install transport IPSec connection between SuSE 
> Linux with FreeSWAN host ( and FreeBSD with racoon host 
> ( I can see Racoon and FreeSWAN establish connection 
> successfully, and both hosts start to send encrypted packets, but 
> FreeBSD host does not decrypt packets, and I see the following messages 
> in it's system log:
> /kernel: checksum mismatch in IPv4 AH input: packet(SPI=11911152 
> src= dst= SA(SPI=11911152 src= 
> dst=
> SuSE Linux host:
> Distribution: SuSE Linux 9.0
> Kernel:       linux 2.4.21-144-default
> FreeSWAN:     1.99_0.9.34
> FreeBSD host:
> Distribution: FreeBSD 4.6-RELEASE
> Racoon:       racoon-20020507a

Can you recompile freeswan and leave out IP compression (CONFIG_IPSEC_IPCOMP) ?
Setting compression=no will still let the freeswan machine respond to a
compression request. So this really requires a recompile.

I have a hunch that the compression between KAME-like stacks and KLIPS do not
interop. (And I think Michael concluded earlier that this is a KAME bug)


More information about the Dev mailing list