[Openswan Users] 26sec using IPcomp

Marco Berizzi pupilla at hotmail.com
Thu Jun 23 13:06:16 CEST 2005


Hello.
I have set up two OSW (Openswan) boxes running Linux 2.6.12.
I have established an ESP/IPcomp tunnel. The tunnel
is established correctly, but packets larger than
295 bytes do not flow through it.

Is there any known problem with IPcomp on
Linux 2.6.12?

TIA

This is the setkey -D output:

sadb_msg{ version=2 type=18 errno=0 satype=0
  len=2 reserved=0 seq=0 pid=6052

sadb_msg{ version=2 type=18 errno=0 satype=0
  len=30 reserved=1 seq=6 pid=6052
sadb_ext{ len=3 type=5 }
sadb_address{ proto=255 prefixlen=24 reserved=0x0000 }
sockaddr{ len=16 family=2 port=0
 0a010100  }
sadb_ext{ len=3 type=6 }
sadb_address{ proto=255 prefixlen=24 reserved=0x0000 }
sockaddr{ len=16 family=2 port=0
 0a010200  }
sadb_ext{ len=4 type=3 }
sadb_lifetime{ alloc=0, bytes=0
  addtime=0, usetime=0 }
sadb_ext{ len=4 type=4 }
sadb_lifetime{ alloc=0, bytes=0
  addtime=0, usetime=0 }
sadb_ext{ len=4 type=2 }
sadb_lifetime{ alloc=0, bytes=0
  addtime=1119518684, usetime=1119520559 }
sadb_ext{ len=10 type=18 }
sadb_x_policy{ type=2 dir=1 id=68 priority=2344 }
 { len=48 proto=108 mode=2 level=1 reqid=16386
sockaddr{ len=16 family=2 port=0
 ac1001e2  }
sockaddr{ len=16 family=2 port=0
 ac1001f7  }
 }
 { len=16 proto=50 mode=1 level=3 reqid=16385
 }

10.1.1.0/24[any] 10.1.2.0/24[any] any
 in prio high + 1073739480 ipsec
 ipcomp/tunnel/172.16.1.226-172.16.1.247/use#16386
 esp/transport//unique#16385
 created: Jun 23 11:24:44 2005  lastused: Jun 23 11:55:59 2005
 lifetime: 0(s) validtime: 0(s)
 spid=104 seq=6 pid=6052
 refcnt=1
sadb_msg{ version=0 type=0 errno=0 satype=0
  len=0 reserved=0 seq=0 pid=0

sadb_msg{ version=2 type=18 errno=0 satype=0
  len=30 reserved=1 seq=5 pid=6052
sadb_ext{ len=3 type=5 }
sadb_address{ proto=255 prefixlen=24 reserved=0x0000 }
sockaddr{ len=16 family=2 port=0
 0a010200  }
sadb_ext{ len=3 type=6 }
sadb_address{ proto=255 prefixlen=24 reserved=0x0000 }
sockaddr{ len=16 family=2 port=0
 0a010100  }
sadb_ext{ len=4 type=3 }
sadb_lifetime{ alloc=0, bytes=0
  addtime=0, usetime=0 }
sadb_ext{ len=4 type=4 }
sadb_lifetime{ alloc=0, bytes=0
  addtime=0, usetime=0 }
sadb_ext{ len=4 type=2 }
sadb_lifetime{ alloc=0, bytes=0
  addtime=1119520424, usetime=1119520559 }
sadb_ext{ len=10 type=18 }
sadb_x_policy{ type=2 dir=2 id=61 priority=2344 }
 { len=48 proto=108 mode=2 level=1 reqid=16386
sockaddr{ len=16 family=2 port=0
 ac1001f7  }
sockaddr{ len=16 family=2 port=0
 ac1001e2  }
 }
 { len=16 proto=50 mode=1 level=3 reqid=16385
 }

10.1.2.0/24[any] 10.1.1.0/24[any] any
 out prio high + 1073739480 ipsec
 ipcomp/tunnel/172.16.1.247-172.16.1.226/use#16386
 esp/transport//unique#16385
 created: Jun 23 11:53:44 2005  lastused: Jun 23 11:55:59 2005
 lifetime: 0(s) validtime: 0(s)
 spid=97 seq=5 pid=6052
 refcnt=1
sadb_msg{ version=0 type=0 errno=0 satype=0
  len=0 reserved=0 seq=0 pid=0

sadb_msg{ version=2 type=18 errno=0 satype=0
  len=30 reserved=1 seq=4 pid=6052
sadb_ext{ len=3 type=5 }
sadb_address{ proto=255 prefixlen=24 reserved=0x0000 }
sockaddr{ len=16 family=2 port=0
 0a010100  }
sadb_ext{ len=3 type=6 }
sadb_address{ proto=255 prefixlen=24 reserved=0x0000 }
sockaddr{ len=16 family=2 port=0
 0a010200  }
sadb_ext{ len=4 type=3 }
sadb_lifetime{ alloc=0, bytes=0
  addtime=0, usetime=0 }
sadb_ext{ len=4 type=4 }
sadb_lifetime{ alloc=0, bytes=0
  addtime=0, usetime=0 }
sadb_ext{ len=4 type=2 }
sadb_lifetime{ alloc=0, bytes=0
  addtime=1119518684, usetime=0 }
sadb_ext{ len=10 type=18 }
sadb_x_policy{ type=2 dir=3 id=72 priority=2344 }
 { len=48 proto=108 mode=2 level=1 reqid=16386
sockaddr{ len=16 family=2 port=0
 ac1001e2  }
sockaddr{ len=16 family=2 port=0
 ac1001f7  }
 }
 { len=16 proto=50 mode=1 level=3 reqid=16385
 }

10.1.1.0/24[any] 10.1.2.0/24[any] any
 fwd prio high + 1073739480 ipsec
 ipcomp/tunnel/172.16.1.226-172.16.1.247/use#16386
 esp/transport//unique#16385
 created: Jun 23 11:24:44 2005  lastused:
 lifetime: 0(s) validtime: 0(s)
 spid=114 seq=4 pid=6052
 refcnt=1
sadb_msg{ version=0 type=0 errno=0 satype=0
  len=0 reserved=0 seq=0 pid=0

sadb_msg{ version=2 type=18 errno=0 satype=0
  len=22 reserved=1 seq=3 pid=6052
sadb_ext{ len=3 type=5 }
sadb_address{ proto=255 prefixlen=0 reserved=0x0000 }
sockaddr{ len=16 family=2 port=0
 00000000  }
sadb_ext{ len=3 type=6 }
sadb_address{ proto=255 prefixlen=0 reserved=0x0000 }
sockaddr{ len=16 family=2 port=0
 00000000  }
sadb_ext{ len=4 type=3 }
sadb_lifetime{ alloc=0, bytes=0
  addtime=0, usetime=0 }
sadb_ext{ len=4 type=4 }
sadb_lifetime{ alloc=0, bytes=0
  addtime=0, usetime=0 }
sadb_ext{ len=4 type=2 }
sadb_lifetime{ alloc=0, bytes=0
  addtime=1119518684, usetime=0 }
sadb_ext{ len=2 type=18 }
sadb_x_policy{ type=1 dir=1 id=53 priority=0 }

(per-socket policy)
 in none
 created: Jun 23 11:24:44 2005  lastused:
 lifetime: 0(s) validtime: 0(s)
 spid=83 seq=3 pid=6052
 refcnt=1
sadb_msg{ version=48 type=0 errno=108 satype=0
  len=258 reserved=0 seq=16386 pid=0
sadb_ext{ len=2 type=0 }
kdebug_sadb: invalid ext_type 0 was passed.

sadb_msg{ version=2 type=18 errno=0 satype=0
  len=22 reserved=1 seq=2 pid=6052
sadb_ext{ len=3 type=5 }
sadb_address{ proto=255 prefixlen=0 reserved=0x0000 }
sockaddr{ len=16 family=2 port=0
 00000000  }
sadb_ext{ len=3 type=6 }
sadb_address{ proto=255 prefixlen=0 reserved=0x0000 }
sockaddr{ len=16 family=2 port=0
 00000000  }
sadb_ext{ len=4 type=3 }
sadb_lifetime{ alloc=0, bytes=0
  addtime=0, usetime=0 }
sadb_ext{ len=4 type=4 }
sadb_lifetime{ alloc=0, bytes=0
  addtime=0, usetime=0 }
sadb_ext{ len=4 type=2 }
sadb_lifetime{ alloc=0, bytes=0
  addtime=1119518684, usetime=1119520424 }
sadb_ext{ len=2 type=18 }
sadb_x_policy{ type=1 dir=1 id=43 priority=0 }

(per-socket policy)
 in none
 created: Jun 23 11:24:44 2005  lastused: Jun 23 11:53:44 2005
 lifetime: 0(s) validtime: 0(s)
 spid=67 seq=2 pid=6052
 refcnt=1
sadb_msg{ version=48 type=0 errno=108 satype=0
  len=258 reserved=0 seq=16386 pid=0
sadb_ext{ len=2 type=0 }
kdebug_sadb: invalid ext_type 0 was passed.

sadb_msg{ version=2 type=18 errno=0 satype=0
  len=22 reserved=1 seq=1 pid=6052
sadb_ext{ len=3 type=5 }
sadb_address{ proto=255 prefixlen=0 reserved=0x0000 }
sockaddr{ len=16 family=2 port=0
 00000000  }
sadb_ext{ len=3 type=6 }
sadb_address{ proto=255 prefixlen=0 reserved=0x0000 }
sockaddr{ len=16 family=2 port=0
 00000000  }
sadb_ext{ len=4 type=3 }
sadb_lifetime{ alloc=0, bytes=0
  addtime=0, usetime=0 }
sadb_ext{ len=4 type=4 }
sadb_lifetime{ alloc=0, bytes=0
  addtime=0, usetime=0 }
sadb_ext{ len=4 type=2 }
sadb_lifetime{ alloc=0, bytes=0
  addtime=1119518684, usetime=0 }
sadb_ext{ len=2 type=18 }
sadb_x_policy{ type=1 dir=2 id=5c priority=0 }

(per-socket policy)
 out none
 created: Jun 23 11:24:44 2005  lastused:
 lifetime: 0(s) validtime: 0(s)
 spid=92 seq=1 pid=6052
 refcnt=1
sadb_msg{ version=48 type=0 errno=108 satype=0
  len=258 reserved=0 seq=16386 pid=0
sadb_ext{ len=2 type=0 }
kdebug_sadb: invalid ext_type 0 was passed.

sadb_msg{ version=2 type=18 errno=0 satype=0
  len=22 reserved=1 seq=0 pid=6052
sadb_ext{ len=3 type=5 }
sadb_address{ proto=255 prefixlen=0 reserved=0x0000 }
sockaddr{ len=16 family=2 port=0
 00000000  }
sadb_ext{ len=3 type=6 }
sadb_address{ proto=255 prefixlen=0 reserved=0x0000 }
sockaddr{ len=16 family=2 port=0
 00000000  }
sadb_ext{ len=4 type=3 }
sadb_lifetime{ alloc=0, bytes=0
  addtime=0, usetime=0 }
sadb_ext{ len=4 type=4 }
sadb_lifetime{ alloc=0, bytes=0
  addtime=0, usetime=0 }
sadb_ext{ len=4 type=2 }
sadb_lifetime{ alloc=0, bytes=0
  addtime=1119518684, usetime=1119520424 }
sadb_ext{ len=2 type=18 }
sadb_x_policy{ type=1 dir=2 id=4c priority=0 }

(per-socket policy)
 out none
 created: Jun 23 11:24:44 2005  lastused: Jun 23 11:53:44 2005
 lifetime: 0(s) validtime: 0(s)
 spid=76 seq=0 pid=6052
 refcnt=1

This is my ipsec.conf

# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.13 2004/03/24 04:14:39 ken Exp $

# This file:  /usr/local/share/doc/openswan/ipsec.conf-sample
#
# Manual:     ipsec.conf.5


version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
 # Debug-logging controls:  "none" for (almost) none, "all" for lots.
 # Both debug settings below are commented out, so neither is set by this file.
 # klipsdebug=none
 # plutodebug="control parsing"
 # uniqueids=yes: a new connection that presents an ID already in use
 # replaces the older connection holding that ID.
 uniqueids=yes

# Add connections here

# sample VPN connection
#sample# conn sample
#sample#  # Left security gateway, subnet behind it, next hop toward right.
#sample#  left=10.0.0.1
#sample#  leftsubnet=172.16.0.0/24
#sample#  leftnexthop=10.22.33.44
#sample#  # Right security gateway, subnet behind it, next hop toward left.
#sample#  right=10.12.12.1
#sample#  rightsubnet=192.168.0.0/24
#sample#  rightnexthop=10.101.102.103
#sample#  # To authorize this connection, but not actually start it, at startup,
#sample#  # uncomment this.
#sample#  #auto=start

# Defaults applied to every conn section in this file. A conn that sets the
# same parameter overrides the value given here; conn blackmagic overrides
# left, leftsubnet and keyingtries.
conn %default
        # One negotiation attempt before giving up (blackmagic changes this).
        keyingtries=1
        # "no" leaves the tunnel-exit address check enabled. This is a KLIPS
        # option; presumably it has no effect on the 2.6 native stack -- confirm.
        disablearrivalcheck=no
        # Pre-shared-key authentication. The key is not in this file (normally
        # ipsec.secrets); its strength is what protects the IKE exchange.
        authby=secret
        #leftrsasigkey=%cert
        #rightrsasigkey=%cert
        # Use the address of the interface that carries the default route.
        left=%defaultroute
        leftsubnet=10.1.2.0/24
        #leftcert=fswcert.pem
        #leftfirewall=yes

# Tunnel between gateways 172.16.1.226 (left) and 172.16.1.247 (right),
# carrying traffic between 10.1.1.0/24 and 10.1.2.0/24.
conn blackmagic
        left=172.16.1.226
        right=172.16.1.247
        # The next hop is the peer address itself, i.e. the gateways are
        # presumably on the same segment -- confirm.
        leftnexthop=172.16.1.247
        # Overrides leftsubnet=10.1.2.0/24 from conn %default.
        leftsubnet=10.1.1.0/24
        rightsubnet=10.1.2.0/24
        # Pre-shared key, same value as in conn %default.
        authby=secret
        #leftfirewall=no
        #rightfirewall=no
        # Load the connection and initiate it at startup.
        auto=start
        # Perfect forward secrecy: a fresh Diffie-Hellman exchange for each
        # IPsec SA negotiation, so a compromised IKE key does not expose
        # earlier traffic keys.
        pfs=yes
        # Commented out, so the ESP algorithms are whatever the peers negotiate
        # by default. NOTE(review): 3DES and MD5 are legacy choices; if a
        # proposal is pinned here, prefer AES with a SHA-family HMAC where both
        # peers support it.
        #esp=3des-md5-96
        # Proposes IPComp. In the policy dump posted with this config it shows
        # up as ipcomp/tunnel at level "use" with esp/transport at level
        # "unique". NOTE(review): to isolate the size-dependent packet loss
        # reported, retest with compress=no.
        compress=yes
        # RSA keys are not used with authby=secret; presumably "none" only
        # marks them as absent -- confirm against ipsec.conf(5).
        leftrsasigkey=none
        rightrsasigkey=none
        # IKE identity expected from the peer; here identical to its address.
        rightid=172.16.1.247
        # Overrides keyingtries=1 from conn %default; 0 is the older spelling
        # of %forever (keep retrying indefinitely).
        keyingtries=0
        # IPsec SA lifetime: rekey after 40 minutes.
        keylife=40m

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf


