On Fri, Apr 1, 2011 at 11:01 AM, Matthew Dempsky <matt...@dempsky.org> wrote:
> For the time being, I'd suggest anyone concerned ensure ipcomp
> processing is disabled; i.e., make sure "sysctl
> net.inet.ipcomp.enable" is set to 0. (And like I said, it's disabled
> by default.)

If there are any IPComp users out there, markus@ has just committed the following diff to prevent IPComp-induced workq loops:

http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/ipsec_input.c.diff?r1=1.101;r2=1.102;f=h

I also suggest that if you're configuring IPComp on a host with IP forwarding enabled (on any platform, not just OpenBSD), you should only use IPComp in conjunction with IPsec (i.e., ESP or AH). Otherwise there's a risk of routing loops.