On Tuesday 20 June 2006 21:00, Clint Pachl wrote:
> Is IP compression/ipcomp flows implemented in ipsecctl(8)? I am trying
> to perform encryption (enc) and compression (ipcomp) between two
> OBSD3.9 hosts.

IPcomp is known broken for at least two years, perhaps longer. Do not use it.

> ipcomp(4) states, "Currently, IPCA can be created using the ipsecadm(8)
> tool," with no mention of ipsecctl.
>
> Here is my simple setup:
>
> sysctl net.inet.ipcomp.enable=1
>
> # ipsec.conf
> flow esp from 192.168.2.2 to 192.168.2.1
> ipcomp from 192.168.2.2 to 192.168.2.1 spi 0x1000:0x1001 comp deflate
> esp from 192.168.2.2 to 192.168.2.1 spi 0x1000:0x1001 \
>     authkey 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa:0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa \
>     enckey 0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee:0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
>
> The IP addresses and spi values are swapped on the other host's
> ipsec.conf. I also tried using different spi values for ipcomp and esp.
>
> I performed many ftp and scp transfers, checking for ipcomp packets
> using tcpdump and netstat, but no ipcomp traffic. Encryption between
> the hosts is working properly.
>
> -pachl

--
Todd Fries .. [EMAIL PROTECTED]

 _____________________________________________
|                                             \  1.636.410.0632 (voice)
| Free Daemon Consulting, LLC                 \  1.405.227.9094 (voice)
| http://FreeDaemonConsulting.com             \  1.866.792.3418 (FAX)
| "..in support of free software solutions."  \          250797 (FWD)
|                                             \
 \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A
http://todd.fries.net/pgp.txt