[Openswan Users] trying to connect OpenSWAN 2.6.19 to a Netgear FVS338

Paul Wouters paul at xelerance.com
Fri May 29 15:27:54 EDT 2009

On Fri, 29 May 2009, Marcos Hacker wrote:

> I have more information on the difference between connecting with
> OpenSWAN 2.6.19 and 2.6.22dr2 to our Netgear FVS338.
> To recap, using certificates phase 2 connects with OpenSWAN 2.6.19 but
> does not with 2.6.22dr2.
> The code change that seems to break the phase 2 portion of the connection
> is in /programs/pluto/spdb_v1_struct.c. If I remove this change (/* add
> IPcomp proposal if policy asks for it */), both 2.6.20 & 2.6.22dr2
> complete the IPsec SA.

Really? Do you have compress=yes or compress=no? Or no compress= option set?

I know we allow compress even if we have compress=no. It just changes what
we advertise to the other end. So this might be a case of the other end
lying to use, and us then happily using compress and the other end not liking
it. Can you find out what the settings on the other end are for compression?


More information about the Users mailing list