[Openswan Users] No ipsec0 inteface

Paul Wouters paul at xelerance.com
Thu May 27 23:04:35 CEST 2004


On Thu, 27 May 2004, Ken Bantoft wrote:

> On Thu, 27 May 2004, Maxim Tyurin wrote:
> 
> > "Joost Wolthuis" <JoostW at telecats.nl> writes:
> > 
> > > I'm using fedora core1, kernel 2.6.6 and openswan-2.1.2
> > >
> > > The only strange thing is that there is no interface ipsec0 but an extra
> > > route through interface eth2. 
> > 
> > Linux kernel 2.6 native IPsec dont create ipsec* interface
> > 
> > And compression works for you? 
> > 
> > For me does not work in such configuration 
> > Super FreeS/WAN 1.99.8 <-> Openswan 2.1.1
> 
> Compression is broken on 2.6 - known issue.  

Just to clarify some possible confusion. The option "compress=yes" just means
that compression is being announced, not that it is actually accepted by
the other end or used. So having compress=yes (or no) just changes the
announcement. But if you build the binary with compression support, and put
in compress=no, and the other end offers compression, it is being used.

And as Ken said, compression on the native 2.6 stack is broken. It might
interop with itself, but in its current state should never interop with
anything else. KLIPS correctly sees the mangled packets and drops them.

Paul



More information about the Users mailing list