Sam
On Tue, 29 Oct 2002, Sam Chan wrote:
> I have a questions on running compression using IPsec.
>
> I have everything is working using IPsec. Now I want to use deflate
> compression too. In the ipsec.conf file, I enable the IPCOM by adding a
> line: CONFIG_IPSEC_IPCOM=y
>
> Now, my question is how can I tell or how to verify I'm using the deflate
> compression.
>
> Please give me some hints or any poniter for the answer will be greatly
> appreciated. Thanks in advanced.
I assume you're using Linux FreeS/WAN. First off, CONFIG_IPSEC_IPCOMP
goes in the kernel config, not the ispec.conf. ;).
To enable compression (from ipsec.conf(5)):
CONN PARAMETERS: AUTOMATIC KEYING
...
compress whether IPComp compression of content is desired on the
connection (link-level compression does not work on
encrypted data, so to be effective, compression must be
done before encryption); acceptable values are yes and no
(the default). The two ends need not agree. A value of
no is absolute: IPsec will neither propose nor accept
compression. A value of yes causes IPsec to propose both
compressed and uncompressed, and prefer compressed.
So you'd set compress=yes in either each connection definition or in the
%default connection.
Take a look at `ipsec whack --status` (once a connection has been
established), it should tell you weather or not compression was negotiated
properly.
Cheers,
Ryan
------------------------------------------------------------------------
To unsubscribe email security-discuss-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
