[Openswan Users] Re: KLIPS or NETKEY on 2.6 kernels

Paul Hampson Paul.Hampson at PObox.com
Wed Apr 13 17:21:16 CEST 2005


Herbert Xu writes: 

> Paul Hampson <Paul.Hampson at pobox.com> wrote:
>> 
>> The first thing that comes to mind is that KLIPS and NETKEY have
>> incompatible compression.

> This is not true.  Openswan/KLIPS is certainly compatible with
> Openswan/Linux in terms of IPCOMP.  There may have been (and
> still be) a problem with Openswan/KLIPS versus racoon with IPCOMP.

Well, http://www.openswan.org/docs/local/README.Kernel26 says it is. 

And for that matter, the 2.3.1 tarball now has doc/2.6.known-issues
instead, but it still has the same paragraph:
* compression seems to be incompatible between KLIPS and NETKEY.
 Since we believe the NETKEY code is wrong, we cannot fix this. If you
 get a successful IKE negotiation and can send ESP packets, but never get
 replies, compile KLIPS without CONFIG_KLIPS_IPCOMP. There is currently no
 runtime switch to disable compression. Note that setting compress=no is not
 enough; it just means we do not announce compression, but we'll still do it
 if the other end requests it. 

 --
Paul "TBBle" Hampson, on a webmail client! 



More information about the Users mailing list