[Openswan Users] Compression with Linux kernel 2.6
Paul Wouters
paul at xelerance.com
Thu May 12 02:28:20 CEST 2005
On Thu, 12 May 2005, Herbert Xu wrote:
> On Thu, May 12, 2005 at 12:46:59AM +0200, Paul Wouters wrote:
>>
>> Not entirely. For instance, 2.4.21-27.0.2.ELsmp still seems to have
>> bad backported NETKEY code biting users. People running RHEL should add
>> compress=no to their conns.
>
> Care to remind me the issue there?
The latestfail report we got had this:
# ipsec auto --up connname
104 "connname" 1: STATE_MAIN_I1: initiate
106 "connname" 1: STATE_MAIN_I2: sent MI2, expecting MR2
108 "connname" 1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "connname" 1: STATE_MAIN_I4: ISAKMP SA established
003 "connname" 0000002: ERROR: netlink_get_spi for comp.0 at 1.2.3.4 failed with errno 22: Invalid argument
the ipcomp module was loaded. Specifying compress=no worked around this
problem. Apparently 2.4.21-27.0.2.ELsmp is the latest RHEL (3?) kernel.
This could be a vendor specific issue, since it is a custom backport of
NETKEY to 2.4.
Paul
More information about the Users
mailing list