[Openswan Users] Re: KLIPS or NETKEY on 2.6 kernels
Paul Wouters
paul at xelerance.com
Mon Apr 25 18:29:53 CEST 2005
On Wed, 13 Apr 2005, Herbert Xu wrote:
> Paul Hampson <Paul.Hampson at pobox.com> wrote:
>>
>> Well, http://www.openswan.org/docs/local/README.Kernel26 says it is.
>>
>> And for that matter, the 2.3.1 tarball now has doc/2.6.known-issues
>> instead, but it still has the same paragraph:
>> * compression seems to be incompatible between KLIPS and NETKEY.
>
> Well this is simply incorrect. Paul, could you please correct this?
Having done some debugging, it seems that the bug is not in the stack. I
have run a successfull interop with compression enabled.
However, there does seems to be an issue when changing phase1 from compression
to no-compression or visa versa, and breaking the phase2. When switching, I
had to completely tear down everything and restart both phase 1 and phase 2.
If this is expected behaviour, then we should not allow compress=no (the
default) to accept compression at the initiatial request, and then rekey
without it. Michael? Any thoughts on this?
I will update the doc/2.6.known-issues file.
Paul
More information about the Users
mailing list