[Openswan dev] IPComp
D. Hugh Redelmeier
hugh at mimosa.com
Fri Jul 2 11:05:32 CEST 2004
| From: Dominique Blas <ml at blas.net>
[It is good to keep the lines of a mailing list message shorter than
80 characters. This makes the quoting in replies easier to read.]
| I'm currently testing openswan 2.2.0dr1 on native 2.6 IPSEC and I
| encounter something curious with IPComp. I know that native IPComp is
| not advised to be used but here, it is the IPcomp scenario that works
Perhaps the compression of IPcomp shrinks the packet enough to avoid
fragmentation or MTU problems. I've not understood your message well
enough to guess if this might be the case.
| I have to say that my VPN head is a small machine with << only >> 64 MB
| of memory. That's fine for testing such a configuration. I'm convinced
| that with 128MB I'd not see these behaviours.
I've often used gateways with smaller memory (with older FreeS/WAN).
I've not done so recently.
| WITHOUT compression big packets (> 1000 bytes) can go through the
| interface (and come back) BUT many memory allocations from pluto failed
| (lack of memory) and, finally, the tunnel hangs.
Paul said that I've fixed Pluto memory leaks. All memory leaks in
Pluto have been slow and small -- the kind that don't shout at you
when testing. It sounds as if there is a fast big leak here, so I
would know nothing about it. It certainly would be helpful if you
quoted the exact message you get from Pluto.
| So here we are: with IPComp, even if the packets are smaller (it depends
| on their own compression rate) pluto needs some memory for them to
| carry, doesn't it?
Pluto doesn't see the IPsec packets (for data transmission through
the tunnel), only the IKE packets (for negotiating the tunnel). So
IPcomp should not in any way affect the amount of memory Pluto
A barf would be good. Since I'm not working on *Swan these days, I
would not be the one to look at it.
hugh at mimosa.com voice: +1 416 482-8253