[Openswan Users] compress and esp option problem
Paul Wouters
paul at xelerance.com
Wed Nov 30 16:22:33 CET 2005
On Wed, 30 Nov 2005, Marco Berizzi wrote:
> This problem isn't as I have described. It is an interop problem with racoon.
> I know, racoon currently isn't able to process ipcomp correctly. However, here
> are the log files. This is the setkey file on the racoon box:
>
> /usr/local/sbin/setkey -c <<EOF
> flush;
> spdflush;
> spdadd 10.1.2.0/24 10.1.1.0/24 any -P out ipsec
> esp/tunnel/172.16.1.247-172.16.1.226/require;
>
> spdadd 10.1.1.0/24 10.1.2.0/24 any -P in ipsec
> esp/tunnel/172.16.1.226-172.16.1.247/require;

I am not too familiar with racoon/setkey, but I know that racoon lets you build
invalid packets where not the ESP itself uses compression, but *another* transform
is created around the ESP, e.g. ESP(COMP) versus COMP(ESP()).

That might be the cause for you here too. Perhaps googling for a working openswan
racoon interop will tell you what is wrong?

Paul
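
One way to see on the wire which of the two nestings named in the reply above a peer is sending, as an added example that is not part of the original message: it reads the outer IPv4 protocol number (50 for ESP, 108 for IPComp) and, for IPComp, the next-header field. The function names and the sample packets are constructed for illustration.

```python
import socket
import struct

ESP, IPCOMP = 50, 108  # IANA IP protocol numbers for ESP and IPComp


def classify_nesting(packet: bytes) -> str:
    """Return which IPsec transform is outermost in a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto, payload = packet[9], packet[ihl:]
    if proto == ESP:
        # Any compression header sits inside the encrypted ESP payload.
        return "ESP(...)"
    if proto == IPCOMP:
        if len(payload) < 4:
            raise ValueError("truncated IPComp header")
        # IPComp header (RFC 3173): next header, flags, 16-bit CPI.
        next_header, _flags, _cpi = struct.unpack("!BBH", payload[:4])
        return "COMP(ESP)" if next_header == ESP else "COMP(other)"
    return "no ESP/IPComp"


def build_ipv4(proto: int, payload: bytes) -> bytes:
    """Constructed packet between the quoted tunnel endpoints (checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton("172.16.1.247"),
                       socket.inet_aton("172.16.1.226")) + payload


# Constructed samples: ESP header is SPI + sequence number, body is filler.
ESP_BODY = struct.pack("!II", 0x1000, 1) + bytes(16)
SAMPLE_ESP_OUTER = build_ipv4(ESP, ESP_BODY)
SAMPLE_COMP_OUTER = build_ipv4(IPCOMP, struct.pack("!BBH", ESP, 0, 2) + ESP_BODY)

if __name__ == "__main__":
    for name, pkt in [("esp-outer", SAMPLE_ESP_OUTER),
                      ("comp-outer", SAMPLE_COMP_OUTER)]:
        print(name, "->", classify_nesting(pkt))
```

To use it on real traffic, pass it the bytes of each captured packet starting at the IPv4 header.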