[Openswan Users] trying to connect OpenSWAN 2.6.19 to a Netgear FVS338
Paul Wouters
paul at xelerance.com
Fri May 29 20:35:37 EDT 2009
On Fri, 29 May 2009, Marcos Hacker wrote:
> >
> > I know we allow compress even if we have compress=no. It just changes what
> > we advertise to the other end. So this might be a case of the other end
> > lying to use, and us then happily using compress and the other end not liking
> > it. Can you find out what the settings on the other end are for compression?
> >
> > Paul
>
> Hi Paul,
>
> We are using the command line options, so we send over --compress (I assume this is compress=yes). If I remove the --compress flag
> (compress=no), then the connection establishes! I have not been able to determine if the Netgear uses compression.
Ok so that is the equivalent of compres=yes. Then you should see IPcomp in the "IPsec Established" message,
which I did not see. My guess is you are proposing compression, the netgear does not object, but it
does reject later on.
> What is the benefit of using compression?
It compresses teh IP headers, making packets slightly smaller. Its mostly useful to avoid MTU issues, if
the ESP header overhead is smaller then the gain of the head compression, eg you "undo" the packet
enlargement due to the encapsulation.
Paul
More information about the Users
mailing list