[Openswan Users] not able to use compression
Andy Gay
andy at andynet.net
Wed May 16 10:07:57 EDT 2007
On Tue, 2007-05-15 at 15:54 +0200, Jordan Paschalidis wrote:
> Hello all,
>
> can someone tell me the right (Kernel-)settings to use openswan with
> compression?
> I tried different Kernel- and openswan-versions, all with the same result.
> I didnt't worked.
>
> The Problem i got is that the config is fine, the ipsec auto --status gives
> a 'policy: RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+UP; prio: 24,24; interface:
> eth0; ' and the compression is not working.
> Packets are beeing tranported without Compression.
>
> As difference i don't get any com*- or *DEFLATE*-entries in
> /proc/net/ipsec_spi.
>
> I tried 2.6.18.1 with openswan 2.4.6, tried 2.4.33 and 2.4.30 with 2.4.6
> all with the same result.
>
> As last test i used one contos 3 / vanilla-kernel 2.4.30 with openswan
> 2.4.6 and one redhat 9 with precompiled rpm from freeswan, again with the
> same config and the compression worked.
>
> So, could somebody help me to understand this?
You may be hitting the bug that Stephan Scholz <sscholz at astaro.com>
reported in http://bugs.xelerance.com/view.php?id=538
The problem is that the ipcomp proposal is being lost. I posted a patch
to fix it about 9 months ago, but the Openswan developers haven't seen
fit to merge it.
IIRC, the bug only happens if your conn includes an esp= entry to
override the pluto defaults. If you have that in your config, try
leaving it out.
>
> greetings
> Jordan
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
More information about the Users
mailing list