Re: [Ipsec-tools-devel] IPComp Implementation for generate on IPSec SAs
Brought to you by:
mit_warlord,
netbsd
From: Marco B. <pu...@ho...> - 2005-05-02 07:35:11
|
Andreas Nobel wrote: > >Just for record. > >You should change "require" to "use" because > >small packets could become bigger after > >compression. > > Thanks for pointing this out. > > Does your setup (which one?) work with ESP+IPComp NAT-T > AND Tunnel Mode? This is my interop list: FreeS/WAN (KLIPS + linux 2.4) - FreeS/WAN (2.6 Ipsec) = ESP+IPCOMP OK FreeS/WAN (KLIPS + linux 2.4) - FreeS/WAN (2.6 Ipsec) = ESP OK FreeS/WAN (KLIPS + linux 2.4) - racoon/setkey (2.6 Ipsec) = ESP OK FreeS/WAN (KLIPS + linux 2.4) - racoon/setkey (2.6 Ipsec) = ESP+IPCOMP KO I haven't tested NAT-T. > I want to use IPComp+ESP in Tunnel Mode with generate on; > created IPSec SAs for Racoon on the server side and its > roadwarriors. and maybe a switch for choosing ipcomp > on/off; on racoon.conf for those how don't neeed IPComp, > so manually setting up SAD/SPD is no chice for me. > > > Andreas |