[Openswan Users] compress and esp option problem
Paul Wouters
paul at xelerance.com
Tue Nov 29 21:39:28 CET 2005
On Tue, 29 Nov 2005, Marco Berizzi wrote:
> I have set esp=3des-sha1! and compress=yes in my ipsec.conf, but pluto isn't
> proposing ipcomp anymore.
> What should I do for enable ipcomp and force 3des-sha1?
Do not use the "!" syntax, it is obsolete and strict mode is always implied.
ipcomp is proposed by default if you compiled support for it in. Even with
compress=no it will still respond to a compress request. compress=no only
disables the announcing of ip compression.
Can you show me the log on the initiator for the conn with compress=no and
compress=yes. Please ensure to ipsec auto --replace connname when changing
this option in between.
Thanks,
Paul
More information about the Users
mailing list