Wow! Great. I will wait for your news.

Karim Fodil-Lemelin wrote:
> Hi,
>
> I have fixed IPComp for tunnel mode in FreeBSD 4.8 (I still need to
> clean up the code). I believe it should be easy for you to apply the
> diffs to FreeBSD 5.2. I will contact the Kame group and try to see how I
> can deliver the patch. Since the R&D was done on the company's time I
> would like to have myself and Xiphos mentioned in releasing the patch.
>
> Regards,
>
> Karim Fodil-Lemelin
> Xiphos Technologies Inc
>
> Marco Berizzi wrote:
>
> >Hello everybody.
> >
> >I'm running into an interop issue with IPSec tunnels
> >between FreeS/WAN and FreeBSD 5.2.
> >Without IPComp, tunnels are successfully established.
> >With IPComp enabled, tunnels are again successfully
> >established but there is no traffic flow.
> >
> >This is my setkey init (FreeBSD box side):
> >
> >/usr/local/sbin/setkey -c <<EOF
> >flush;
> >spdflush;
> >spdadd 10.1.2.0/24 10.1.1.0/24 any -P in ipsec
> >   ipcomp/tunnel/172.16.1.247-172.16.1.226/use
> >   esp/tunnel/172.16.1.247-172.16.1.226/require;
> >
> >spdadd 10.1.1.0/24 10.1.2.0/24 any -P out ipsec
> >   ipcomp/tunnel/172.16.1.226-172.16.1.247/use
> >   esp/tunnel/172.16.1.226-172.16.1.247/require;
> >EOF
> >
> >However, with this kind of init file FreeS/WAN is dropping packets coming from the
> >FreeBSD box.
> >Michael Richardson (fsw maintainer) replied to me, saying:
> >
> >"... The packets that racoon is telling the system to build
> >would appear to have been constructed like:
> >
> >orig  IPsrc = 10.1.1.1,IPdst = 10.1.2.1
> >      IPcomp
> >*     IPsrc = 172.16.1.247,IPdst=172.16.1.226
> >      ESP
> >outer IPsrc = 172.16.1.247,IPdst=172.16.1.226
> >
> >[...] This packet format is in error. It defeats most of the point of using
> >IPcomp, which is to compress the inner-IP header out. It appears that a new
> >IP header has been added.
> >If the 2.6.0 kernel accepts this, then I wonder what other things it
> >might accept! The IPIP header marked "*" is completely superfluous and
> >a waste of 20 bytes. ..."
> >
> >The full thread is available at
> >https://lists.freeswan.org/archives/design/2003-December/msg00032.html
> >
> >The thread is about FreeS/WAN and kernel 2.6 (the 2.6 IPSec stack is KAME based).
> >However Linux 2.6 and FreeBSD have the same behaviour.
> >
> >Comments?
> >
> >TIA
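
The packet layout quoted from Michael Richardson above, as an added Python example (not code from the thread, KAME or FreeS/WAN): it builds the decrypted ESP payload with and without the header marked "*" and walks the header chain of each. The 200-byte inner payload, DEFLATE as the IPComp algorithm and all helper names are assumptions.

```python
import socket
import struct
import zlib

IPIP, IPCOMP = 4, 108  # IP protocol numbers: IP-in-IP and IPComp

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (checksum left 0: layout demo only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def ipcomp(next_hdr, payload, cpi=2):
    """RFC 3173 header (next header, flags, CPI; 2 = DEFLATE) + raw deflate data."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return struct.pack("!BBH", next_hdr, 0, cpi) + c.compress(payload) + c.flush()

def walk(proto, data):
    """Header chain of a decrypted ESP payload (padding/trailer already stripped)."""
    chain = []
    while proto in (IPIP, IPCOMP):
        if proto == IPIP:
            ihl, total = (data[0] & 0x0F) * 4, struct.unpack("!H", data[2:4])[0]
            chain.append("IP %s->%s" % (socket.inet_ntoa(data[12:16]),
                                        socket.inet_ntoa(data[16:20])))
            proto, data = data[9], data[ihl:total]
        else:
            # Assumption: the CPI is DEFLATE, so the body is a raw deflate stream.
            nxt, _flags, _cpi = struct.unpack("!BBH", data[:4])
            chain.append("IPComp")
            proto, data = nxt, zlib.decompress(data[4:], -15)
    return chain + ["proto %d" % proto]

def superfluous_ip(chain):
    """True when an IP header sits directly in front of IPComp (the '*' header)."""
    return any(a.startswith("IP ") and b == "IPComp" for a, b in zip(chain, chain[1:]))

# Constructed sample: addresses are from the thread, the UDP-sized payload is made up.
INNER = ipv4("10.1.1.1", "10.1.2.1", 17, b"A" * 200)
# Layout described in the thread: ESP carries IP(*) -> IPComp -> original packet.
OBSERVED = ipv4("172.16.1.247", "172.16.1.226", IPCOMP, ipcomp(IPIP, INNER))
# Same packet with the header marked "*" removed: ESP carries IPComp directly.
WITHOUT_STAR = ipcomp(IPIP, INNER)

if __name__ == "__main__":
    for name, first, pkt in (("observed", IPIP, OBSERVED),
                             ("without *", IPCOMP, WITHOUT_STAR)):
        chain = walk(first, pkt)
        print(name, len(pkt), "bytes:", " / ".join(chain),
              "| superfluous IP:", superfluous_ip(chain))
```

The first argument to `walk` is the next-header value from the ESP trailer; the two payloads differ by exactly the 20 bytes of the extra IPv4 header.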