Hi!

Just a quick question if anybody has had the same problem, or on the contrary, if
anybody has a success story with SEF. I'm trying to establish an IPsec
tunnel between OpenBSD 3.9 and Symantec Enterprise Firewall 7.0.4 (NT/2k)
which is not under my control.

The negotiation goes through normally, but immediately afterwards the remote
end sends a "DELETE" notification. The tunnel is still up on OpenBSD's end,
but no traffic ever reaches the destination.

The remote end (Symantec) spits out (obfuscated to protect the innocent):

"VPN packet dropped (213.aaa.bbb.ccc->217.ddd.eee.fff: Protocol=IPSEC-ESP
spi=0xa0723686): Received IPCOMP packet on a tunnel that was not configured
for compression (tunnel [EMAIL PROTECTED] <VPN_tunnel_*****>)"


This error message is funny because as far as I know, OpenBSD does not
support IPCOMP in automatic IKE through isakmpd. Any idea why Symantec would
believe that we are sending it IPCOMP traffic?


I even checked that net.inet.ipcomp.enable=0 - not that I know if it's
applicable to IPsec at all. I suspect this is a bug in SEF, but can't find
anything on Google or mailing list archives. Nothing special in my
isakmpd.conf, I have multiple tunnels working to other vendors' VPN peers.


Regards,

Mitja
