[Openswan Users] 26sec using IPcomp
Marco Berizzi
pupilla at hotmail.com
Tue Jun 28 17:43:55 CEST 2005
Herbert Xu wrote:
> On Tue, Jun 28, 2005 at 02:05:39PM +0200, Marco Berizzi wrote:
> >
> > FYI: The same problem happens with ipsec-tools 0.5.2: may be the
> > same?
>
> You mean it happens with ipsec-tools to ipsec-tools?
Yes, racoon/setkey <==> racoon/setkey
> Possibly. Just
> check the replay window setting using ip -s xfrm state or setkey -D.
> The replay window all IPComp states should be zero.
It is. Hints?
Here is setkey -D and ip xfrm state output:
172.16.1.226 172.16.1.247
ipcomp mode=tunnel spi=1206748335(0x47ed84af) reqid=0(0x00000000)
C: deflate seq=0x00000000 replay=0 flags=0x00000000 state=mature
created: Jun 28 16:38:06 2005 current: Jun 28 16:38:59 2005
diff: 53(s) hard: 2400(s) soft: 1920(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=5 pid=496 refcnt=0
172.16.1.226 172.16.1.247
unspec mode=tunnel spi=2886730210(0xac1001e2) reqid=0(0x00000000)
seq=0x00000000 replay=0 flags=0x00000000 state=mature
created: Jun 28 16:38:06 2005 current: Jun 28 16:38:59 2005
diff: 53(s) hard: 0(s) soft: 0(s)
last: Jun 28 16:38:06 2005 hard: 0(s) soft: 0(s)
current: 252(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 3 hard: 0 soft: 0
sadb_seq=4 pid=496 refcnt=0
172.16.1.226 172.16.1.247
esp mode=transport spi=175932275(0x0a7c8373) reqid=0(0x00000000)
E: 3des-cbc 12d1e469 df5c2268 20819e03 86483b60 fb06f762 81f6dcb4
A: hmac-md5 e37ca198 026743a4 6ee2fc19 d6ecf630
seq=0x00000000 replay=4 flags=0x00000000 state=mature
created: Jun 28 16:38:06 2005 current: Jun 28 16:38:59 2005
diff: 53(s) hard: 2400(s) soft: 1920(s)
last: Jun 28 16:38:06 2005 hard: 0(s) soft: 0(s)
current: 252(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 3 hard: 0 soft: 0
sadb_seq=3 pid=496 refcnt=0
172.16.1.247 172.16.1.226
ipcomp mode=tunnel spi=45723(0x0000b29b) reqid=0(0x00000000)
C: deflate seq=0x00000000 replay=0 flags=0x00000000 state=mature
created: Jun 28 16:38:06 2005 current: Jun 28 16:38:59 2005
diff: 53(s) hard: 2400(s) soft: 1920(s)
last: Jun 28 16:38:06 2005 hard: 0(s) soft: 0(s)
current: 312(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 3 hard: 0 soft: 0
sadb_seq=2 pid=496 refcnt=0
172.16.1.247 172.16.1.226
unspec mode=tunnel spi=2886730231(0xac1001f7) reqid=0(0x00000000)
seq=0x00000000 replay=0 flags=0x00000000 state=mature
created: Jun 28 16:38:06 2005 current: Jun 28 16:38:59 2005
diff: 53(s) hard: 0(s) soft: 0(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=1 pid=496 refcnt=0
172.16.1.247 172.16.1.226
esp mode=transport spi=90107434(0x055eee2a) reqid=0(0x00000000)
E: 3des-cbc 40d238b3 d8b02765 e76242d6 93048aca d3b5a90a 59687498
A: hmac-md5 f79930c3 db424c65 6b047bfa a6c36054
seq=0x00000000 replay=4 flags=0x00000000 state=mature
created: Jun 28 16:38:06 2005 current: Jun 28 16:38:59 2005
diff: 53(s) hard: 2400(s) soft: 1920(s)
last: Jun 28 16:38:06 2005 hard: 0(s) soft: 0(s)
current: 408(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 3 hard: 0 soft: 0
sadb_seq=0 pid=496 refcnt=0
src 172.16.1.226 dst 172.16.1.247
proto ipcomp spi 0x47ed84af reqid 0 mode tunnel
replay-window 0
comp deflate 0x
src 172.16.1.226 dst 172.16.1.247
proto ipencap spi 0xac1001e2 reqid 0 mode tunnel
replay-window 0
src 172.16.1.226 dst 172.16.1.247
proto esp spi 0x0a7c8373 reqid 0 mode transport
replay-window 4
auth md5 0xe37ca198026743a46ee2fc19d6ecf630
enc des3_ede 0x12d1e469df5c226820819e0386483b60fb06f76281f6dcb4
src 172.16.1.247 dst 172.16.1.226
proto ipcomp spi 0x0000b29b reqid 0 mode tunnel
replay-window 0
comp deflate 0x
src 172.16.1.247 dst 172.16.1.226
proto ipencap spi 0xac1001f7 reqid 0 mode tunnel
replay-window 0
src 172.16.1.247 dst 172.16.1.226
proto esp spi 0x055eee2a reqid 0 mode transport
replay-window 4
auth md5 0xf79930c3db424c656b047bfaa6c36054
enc des3_ede 0x40d238b3d8b02765e76242d693048acad3b5a90a59687498
More information about the Users
mailing list