[Openswan Users] KLIPS not responding to 348+ byte ESP-in-UDP packets?

Toby Corkindale openswan at wintrmute.net
Sat Aug 28 23:14:57 CEST 2004

On Fri, Aug 27, 2004 at 11:31:38PM +0200, Paul Wouters wrote:
> On Fri, 27 Aug 2004, Toby Corkindale wrote:
> >For this example, I have a machine with native IPSEC, sitting
> >behind a NAT firewall. It is connecting to a 2.4.27 machine running KLIPS.
> >Both machines are using Openswan 2.1.5.
> >I now try pinging the host via the tunnel. Pings (up to -s 287) work fine,
> >but after that, it fails to respond.
> Can you try and add compression=no to both ends. I have a strong sspicion
> compression+nat-t is broken on 2.4 with klips currently. Perhaps also on 2.6
> with klips (Nate?)

Setting compress=no on both machines solved the problem!

Looks like that's the problem, then..


Turning and turning in the widening gyre/The falcon cannot hear the falconer;
Things fall apart, the centre cannot hold/Mere anarchy is loosed upon the world
(gpg --keyserver www.co.uk.pgp.net --recv-key 897E5FF3)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20040828/3ecf2a59/attachment.bin

More information about the Users mailing list