I recently got an IPSec VPN working between two FreeBSD 5.3 boxes with
ESP and AH.  I decided to try adding IPComp to the mix to compress the
data, but it doesn't seem to do anything.  All sniffs of the network
traffic show the VPN working, but IPComp never shows up.  I first tried
IP in ESP in IPComp in AH in IP, but all I see is ESP in AH in IP like
IPComp isn't enabled.  I changed the config to remove ESP, then I see IP
in AH in IP.  Also, I tried just IPComp by itself and all I had was an IP
in IP tunnel.  I'm using racoon for ESP and AH.  Does racoon also work
with IPComp and set it up automatically?

The ipsec.conf file I used for ESP in IPComp in AH is as follows:

spdadd 192.168.1.2/32 192.168.1.1/32 ipencap -P out ipsec \
esp/transport//require ipcomp/transport//require ah/transport//require;
spdadd 192.168.1.1/32 192.168.1.2/32 ipencap -P in ipsec \
esp/transport//require ipcomp/transport//require ah/transport//require;

I then added the lines below when that didn't work:

add 192.168.1.2 192.168.1.1 ipcomp 2010 -C deflate;
add 192.168.1.1 192.168.1.2 ipcomp 1020 -C deflate;

After that I changed the first two lines to:

spdadd 192.168.1.2/32 192.168.1.1/32 ipencap -P out ipsec \
ipcomp/transport//require ah/transport//require;
spdadd 192.168.1.1/32 192.168.1.2/32 ipencap -P in ipsec \
ipcomp/transport//require ah/transport//require;

And then:
spdadd 192.168.1.2/32 192.168.1.1/32 ipencap -P out ipsec \
ipcomp/transport//require;
spdadd 192.168.1.1/32 192.168.1.2/32 ipencap -P in ipsec \
ipcomp/transport//require;

In every case I saw the ESP and AH protocols appear as appropriate, but
IPComp never showed up in any packet captures.  Is there anything I'm
missing?

-- 
I sense much NT in you.
NT leads to Bluescreen.
Bluescreen leads to downtime.
Downtime leads to suffering.
NT is the path to the darkside.
Powerful Unix is.

Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc
Fingerprint: B3B9 D669 69C9 09EC 1BCD  835A FAF3 7A46 E4A3 280C
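
The check the post does by eye on packet captures, as an added example that is not part of the original message: a Python walker over the IPv4 next-protocol chain that reports whether an IPComp header (protocol 108) is present. The packets are constructed samples; the helper names and the AH SPI are assumptions, and the CPI 2010 is taken from the add line in the post.

```python
import struct

# IANA IP protocol numbers for the layers named in the post.
NAMES = {1: "ICMP", 4: "IP", 6: "TCP", 17: "UDP", 50: "ESP", 51: "AH", 108: "IPComp"}

def header_chain(pkt: bytes) -> list:
    """List the encapsulation layers readable in one IPv4 packet, outermost first."""
    chain, proto, off = [], 4, 0
    while True:
        name = NAMES.get(proto, "proto-%d" % proto)
        if proto == 4 and len(pkt) >= off + 20 and (pkt[off] & 0x0F) >= 5:
            # IPv4: header length in the low nibble (32-bit words), protocol at byte 9
            chain.append(name)
            proto, off = pkt[off + 9], off + (pkt[off] & 0x0F) * 4
        elif proto == 51 and len(pkt) >= off + 12:
            # AH: next header, payload length (32-bit words minus 2), reserved, SPI
            spi = struct.unpack_from("!I", pkt, off + 4)[0]
            chain.append("AH spi=0x%x" % spi)
            proto, off = pkt[off], off + (pkt[off + 1] + 2) * 4
        elif proto == 108 and len(pkt) >= off + 4:
            # IPComp (RFC 3173): next header, flags, 16-bit CPI; the rest is compressed
            nxt, _flags, cpi = struct.unpack_from("!BBH", pkt, off)
            chain.append("IPComp cpi=%d next=%s" % (cpi, NAMES.get(nxt, nxt)))
            return chain
        else:
            # ESP is encrypted past its SPI; anything else is the final payload
            chain.append(name)
            return chain

def ipv4(proto, payload, src="192.168.1.2", dst="192.168.1.1"):
    """Constructed 20-byte IPv4 header (checksum left zero) plus payload."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0)
    return hdr + addr(src) + addr(dst) + payload

def ah(nxt, payload, spi=0x1000):
    # 24-byte AH header: 12 fixed bytes plus 12-byte ICV, so length field = 24/4 - 2
    return struct.pack("!BBHII", nxt, 4, 0, spi, 1) + bytes(12) + payload

def ipcomp(nxt, payload, cpi=2010):
    # 4-byte IPComp header followed by a stand-in for the deflate output
    return struct.pack("!BBH", nxt, 0, cpi) + payload

inner = ipv4(1, b"\x08\x00" + bytes(6))       # constructed inner packet (ICMP echo)
OBSERVED = ipv4(51, ah(4, inner))             # what the post reports: IP in AH in IP
EXPECTED = ipv4(51, ah(108, ipcomp(4, b"<deflate data>")))  # what the policy asks for

if __name__ == "__main__":
    print(header_chain(OBSERVED))
    print(header_chain(EXPECTED))
```

RFC 3173 requires a sender to transmit a datagram in its original form, with no IPComp header, when compression would not make it smaller, so a capture without protocol 108 does not by itself show that the policy is unused.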
 
