[Openswan Users] trying to connect OpenSWAN 2.6.19 to a Netgear FVS338
mfhacker at hotmail.com
Fri May 29 17:31:21 EDT 2009
> > I have more information on the difference between connecting with
> > OpenSWAN 2.6.19 and 2.6.22dr2 to our Netgear FVS338.
> > To recap, using certificates phase 2 connects with OpenSWAN 2.6.19 but
> > does not with 2.6.22dr2.
> > The code change that seems to break the phase 2 portion of the connection
> > is in /programs/pluto/spdb_v1_struct.c. If I remove this change (/* add
> > IPcomp proposal if policy asks for it */), both 2.6.20 & 2.6.22dr2
> > complete the IPsec SA.
> Really? Do you have compress=yes or compress=no? Or no compress= option set?
> I know we allow compress even if we have compress=no. It just changes what
> we advertise to the other end. So this might be a case of the other end
> lying to use, and us then happily using compress and the other end not liking
> it. Can you find out what the settings on the other end are for compression?
We are using the command line options, so we send over --compress (I assume this is compress=yes). If I remove the --compress flag (compress=no), then the connection establishes! I have not been able to determine if the Netgear uses compression.
What is the benefit of using compression?
Insert movie times and more without leaving Hotmail®.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users