Fedora Core 5 & OpenSwan - No Compression

Phillip T. George phillip at eacsi.com
Thu Jul 20 14:57:13 UTC 2006 

Jorge,

Seems like last time it had something to do with the kernel version (but
a patch in openswan fixed it).  If you could...go ahead and post "cat
/proc/version" here.

Thanks,
Phillip

Jorge Santos wrote:
> Hi all
>
> FYI, i have the same prob, but i am using CentOS 4.3 on both sides and
> openswan-2.4.5. On the server side i have klips and on the client, i have
> netkey, both compiled from source.
>
>   
>> Hello all,
>>
>> I seem to be having a problem using OpenSwan with Fedora Core 5.  The
>> tunnel establishes just fine, but it seems that whenever compression is
>> enabled, information cannot travel across the tunnel.  Oddly enough, it
>> will travel one way -- from the Fedora Core 5 machine to a known-to-work
>> Fedora Core 3 machine.  If "compress=no" is set on both ipsec.conf
>> files, then it works just fine.  I had this problem with Fedora Core 4
>> and the eventual fix was to use "openswan-2.3.2x" (the fix also worked
>> on Fedora Core 3).  I've tried using that, but I'm back to FC5's rpm of
>> "openswan-2.4.4-1.1.2.1.i386" since it didn't help.
>>
>> Here's a reference of the FC4 post that discussed the fix:
>> http://lists.openswan.org/pipermail/users/2005-July/005592.html
>> (Also another important thing to note, would be that small pings do not
>> go thru when "compress=yes")
>>
>> Version info:
>> Linux version 2.6.15-1.2054_FC5 (bhcompile at hs20-bc1-3.build.redhat.com)
>> (gcc version 4.1.0 20060304 (Red Hat 4.1.0-3)) #1 Tue Mar 14 15:48:33
>> EST 2006.
>> Linux Openswan U2.4.4/K2.6.15-1.2054_FC5 (netkey)
>>
>> ipsec.conf (the important part, with the important numbers & names
>> substituted):
>> "
>> conn SUNRISEtoSUNSET
>>         authby=secret
>>         left=5.5.5.5
>>         leftsubnet=192.168.1.0/24
>>         leftnexthop=%defaultroute
>>         right=7.7.7.7
>>         rightsubnet=192.168.2.0/24
>>         rightnexthop=%defaultroute
>>         compress=yes
>>         auto=start
>> "
>>
>> Thanks,
>> Phillip
>>
>>
>>
>>
>>
>> _______________________________________________
>> Users at openswan.org
>> http://lists.openswan.org/mailman/listinfo/users
>> Building and Integrating Virtual Private Networks with Openswan:
>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>
>>     
>
>
>   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/users/attachments/20060720/c5e52866/attachment-0002.html

More information about the users mailing list