[Openswan Users] Fedora Core 5 & OpenSwan - No Compression

Phillip T. George phillip at eacsi.com
Wed Jul 19 18:54:57 CEST 2006


Hello all,

I seem to be having a problem using OpenSwan with Fedora Core 5.  The
tunnel establishes just fine, but it seems that whenever compression is
enabled, information cannot travel across the tunnel.  Oddly enough, it
will travel one way -- from the Fedora Core 5 machine to a known-to-work
Fedora Core 3 machine.  If "compress=no" is set on both ipsec.conf
files, then it works just fine.  I had this problem with Fedora Core 4
and the eventual fix was to use "openswan-2.3.2x" (the fix also worked
on Fedora Core 3).  I've tried using that, but I'm back to FC5's rpm of
"openswan-2.4.4-1.1.2.1.i386" since it didn't help.

Here's a reference of the FC4 post that discussed the fix:
http://lists.openswan.org/pipermail/users/2005-July/005592.html
(Also another important thing to note, would be that small pings do not
go thru when "compress=yes")

Version info:
Linux version 2.6.15-1.2054_FC5 (bhcompile at hs20-bc1-3.build.redhat.com)
(gcc version 4.1.0 20060304 (Red Hat 4.1.0-3)) #1 Tue Mar 14 15:48:33
EST 2006.
Linux Openswan U2.4.4/K2.6.15-1.2054_FC5 (netkey)

ipsec.conf (the important part, with the important numbers & names
substituted):
"
conn SUNRISEtoSUNSET
        authby=secret
        left=5.5.5.5
        leftsubnet=192.168.1.0/24
        leftnexthop=%defaultroute
        right=7.7.7.7
        rightsubnet=192.168.2.0/24
        rightnexthop=%defaultroute
        compress=yes
        auto=start
"

Thanks,
Phillip







More information about the Users mailing list