[Openswan Users] Re: KLIPS or NETKEY on 2.6 kernels
Paul Hampson
Paul.Hampson at PObox.com
Wed Apr 13 17:21:16 CEST 2005
Herbert Xu writes:
> Paul Hampson <Paul.Hampson at pobox.com> wrote:
>>
>> The first thing that comes to mind is that KLIPS and NETKEY have
>> incompatible compression.
> This is not true. Openswan/KLIPS is certainly compatible with
> Openswan/Linux in terms of IPCOMP. There may have been (and
> still be) a problem with Openswan/KLIPS versus racoon with IPCOMP.
Well, http://www.openswan.org/docs/local/README.Kernel26 says it is.
And for that matter, the 2.3.1 tarball now has doc/2.6.known-issues
instead, but it still has the same paragraph:
* compression seems to be incompatible between KLIPS and NETKEY.
Since we believe the NETKEY code is wrong, we cannot fix this. If you
get a successful IKE negotiation and can send ESP packets, but never get
replies, compile KLIPS without CONFIG_KLIPS_IPCOMP. There is currently no
runtime switch to disable compression. Note that setting compress=no is not
enough; it just means we do not announce compression, but we'll still do it
if the other end requests it.
--
Paul "TBBle" Hampson, on a webmail client!