[Openswan dev]
Re: [Users] FreeSWAN on SuSE Linux and FreeBSD with racoon interoperate.
Alexander Rusinov
alru at dreamtime.net
Thu Feb 26 20:13:56 CET 2004
Paul Wouters wrote:
> On Wed, 25 Feb 2004, Alexander Rusinov wrote:
>
>
>>I've been trying to install transport IPSec connection between SuSE
>>Linux with FreeSWAN host (192.168.1.11) and FreeBSD with racoon host
>>(192.168.1.3). I can see Racoon and FreeSWAN establish connection
>>successfully, and both hosts start to send encrypted packets, but
>>the FreeBSD host does not decrypt packets, and I see the following messages
>>in its system log:
>>
>>/kernel: checksum mismatch in IPv4 AH input: packet(SPI=11911152
>>src=192.168.1.11 dst=192.168.1.3) SA(SPI=11911152 src=192.168.1.11
>>dst=192.168.1.3)
>>
>>SuSE Linux host:
>>Distribution: SuSE Linux 9.0
>>Kernel: linux 2.4.21-144-default
>>FreeSWAN: 1.99_0.9.34
>>
>>FreeBSD host:
>>Distribution: FreeBSD 4.6-RELEASE
>>Racoon: racoon-20020507a
>
>
> Can you recompile freeswan and leave out IP compression (CONFIG_IPSEC_IPCOMP) ?
> Setting compression=no will still let the freeswan machine respond to a
> compression request. So this really requires a recompile.
>
> I have a hunch that the compression between KAME-like stacks and KLIPS does not
> interop. (And I think Michael concluded earlier that this is a KAME bug)
Can you please give me a clue how to turn this off on SuSE Linux? I
didn't find CONFIG_IPSEC_IPCOMP in the original SuSE kernel source. I've
downloaded the source RPM for FreeSWAN from here:
http://www.suse.de/~garloff/linux/FreeSWAN/
but it looks like these sources differ from the ipsec module in the kernel.
BTW, do you know whether it is possible to turn the compression off on KAME's side?
--
Alexander Rusinov