[Openswan Users] Re: KLIPS or NETKEY on 2.6 kernels

Paul Wouters paul at xelerance.com
Mon Apr 25 18:29:53 CEST 2005

On Wed, 13 Apr 2005, Herbert Xu wrote:

> Paul Hampson <Paul.Hampson at pobox.com> wrote:
>> Well, http://www.openswan.org/docs/local/README.Kernel26 says it is.
>> And for that matter, the 2.3.1 tarball now has doc/2.6.known-issues
>> instead, but it still has the same paragraph:
>> * compression seems to be incompatible between KLIPS and NETKEY.
> Well this is simply incorrect.  Paul, could you please correct this?

Having done some debugging, it seems that the bug is not in the stack. I
have run a successfull interop with compression enabled.
However, there does seems to be an issue when changing phase1 from compression
to no-compression or visa versa, and breaking the phase2. When switching, I
had to completely tear down everything and restart both phase 1 and phase 2.

If this is expected behaviour, then we should not allow compress=no (the
default) to accept compression at the initiatial request, and then rekey
without it. Michael? Any thoughts on this?

I will update the doc/2.6.known-issues file.


More information about the Users mailing list