Re: [Users] FreeSWAN on SuSE Linux and FreeBSD with racoon
alru at dreamtime.net
Thu Feb 26 20:13:56 CET 2004
Paul Wouters wrote:
> On Wed, 25 Feb 2004, Alexander Rusinov wrote:
>>I've been trying to install transport IPSec connection between SuSE
>>Linux with FreeSWAN host (192.168.1.11) and FreeBSD with racoon host
>>(192.168.1.3). I can see Racoon and FreeSWAN establish connection
>>successfully, and both hosts start to send encrypted packets, but
>>FreeBSD host does not decrypt packets, and I see the following messages
>>in it's system log:
>>/kernel: checksum mismatch in IPv4 AH input: packet(SPI=11911152
>>src=192.168.1.11 dst=192.168.1.3) SA(SPI=11911152 src=192.168.1.11
>>SuSE Linux host:
>>Distribution: SuSE Linux 9.0
>>Kernel: linux 2.4.21-144-default
>>Distribution: FreeBSD 4.6-RELEASE
> Can you recompile freeswan and leave out IP compression (CONFIG_IPSEC_IPCOMP) ?
> Setting compression=no will still let the freeswan machine respond to a
> compression request. So this really requires a recompile.
> I have a hunch that the compression between KAME-like stacks and KLIPS do not
> interop. (And I think Michael concluded earlier that this is a KAME bug)
Can you, please, give a clue, how to turn this off on SuSE linux? I
didn't find CONFIG_IPSEC_IPCOMP in original SuSE kernel source. I've
downloaded source RPM for FreeSWAN from here:
but looks like this sources differ from ipsec module in kernel.
BTW, do you know, is it possible to turn the compression off on KAME's side?
More information about the Dev