All,
I have been working on ipsec-tools development a bit and am currently
scratching my head over issues related to esp and ipcomp. Since I do
most of my testing with FreeBSD, I tried both the kame ipsec and fast
ipsec support but have had no success to date.
Here are the SPD entries
Matthew Grooms wrote:
All,
With fast ipsec compiled into the kernel, I can see the outbound esp
transport SAD entry increase the current byte count but the ipcomp entry
shows nothing to indicate its use. It seems strange that the kernel will
send acquire messages via PF_KEY as a