[Openswan Users] Openswan compression

Paul Wouters paul at xelerance.com
Thu Sep 2 00:06:08 CEST 2004


On Sat, 28 Aug 2004, Rolsma, Dan B wrote:

> 
> When I use compression I get this error:
>
> # ipsec auto --up alice-albuquerque
> 003 "alice-albuquerque" #3: ERROR: netlink_get_spi for
> comp.0 at xxx.xxx.xxx.xxx failed with errno 22: Invalid argument
>
> I'm running Openswan 2.1.4 and RedHat WS3 Update2.  It comes with kernel
> 2.4.21-15.Elsmp.  I also compiled a kernel booting off of it, but with the
> same results.

> If I delete the line with "compress=yes", or make it "compress=no", the link
> works.

This is a problem of the RHEL kernels. They contain some backported IPsec
code of the 2.6 kernel, but they have not been kept up to date with the
latest 2.6.8.1 fixes for IPsec. RHEL is meant as a stable reliable platform.
Unfortunately they didn't add KLIPS, and now the IPsec development on 2.6
is going to fast for them to keep updating their stable RHEL kernels.

RHEL kernels are just a bad choice if you want to do IPsec.

Paul


More information about the Users mailing list