Re: Fedora Core 5 & OpenSwan - No Compression

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Jorge,

Seems like last time it had something to do with the kernel version (but a patch in openswan fixed it).  If you could...go ahead and post "cat /proc/version" here.

Thanks,
Phillip

Jorge Santos wrote:
Hi all

FYI, i have the same prob, but i am using CentOS 4.3 on both sides and
openswan-2.4.5. On the server side i have klips and on the client, i have
netkey, both compiled from source.

  
Hello all,

I seem to be having a problem using OpenSwan with Fedora Core 5.  The
tunnel establishes just fine, but it seems that whenever compression is
enabled, information cannot travel across the tunnel.  Oddly enough, it
will travel one way -- from the Fedora Core 5 machine to a known-to-work
Fedora Core 3 machine.  If "compress=no" is set on both ipsec.conf
files, then it works just fine.  I had this problem with Fedora Core 4
and the eventual fix was to use "openswan-2.3.2x" (the fix also worked
on Fedora Core 3).  I've tried using that, but I'm back to FC5's rpm of
"openswan-2.4.4-1.1.2.1.i386" since it didn't help.

Here's a reference of the FC4 post that discussed the fix:
http://lists.openswan.org/pipermail/users/2005-July/005592.html
(Also another important thing to note, would be that small pings do not
go thru when "compress=yes")

Version info:
Linux version 2.6.15-1.2054_FC5 (bhcompile@xxxxxxxxxxxxxxxxxxxxxxxxxxx)
(gcc version 4.1.0 20060304 (Red Hat 4.1.0-3)) #1 Tue Mar 14 15:48:33
EST 2006.
Linux Openswan U2.4.4/K2.6.15-1.2054_FC5 (netkey)

ipsec.conf (the important part, with the important numbers & names
substituted):
"
conn SUNRISEtoSUNSET
        authby=secret
        left=5.5.5.5
        leftsubnet=192.168.1.0/24
        leftnexthop=%defaultroute
        right=7.7.7.7
        rightsubnet=192.168.2.0/24
        rightnexthop=%defaultroute
        compress=yes
        auto=start
"

Thanks,
Phillip





_______________________________________________
Users@xxxxxxxxxxxx
http://lists.openswan.org/mailman/listinfo/users
Building and Integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

    


  
-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux