On Mon, Oct 3, 2011 at 6:10 AM, Tobias Brunner <tob...@strongswan.org> wrote: > Hi Diego, > >>>> >>>> >>>> >>>> >>> >>> >>> >> I forgot to clarify that route is inserted if compress=no. In >> kernel_netlink_ipsec.c add_policy methed, the code checks if mode != >> MODE_TRANSPORT to insert to route. > > Yes, if IPComp is enabled the actual IPsec SA uses transport mode in the > kernel as the inner IPComp SA does the tunneling. Up to 4.4.1 charon did > this slightly wrong because the mode is changed while installing the policy > and later when installing the route and checking the mode it's not the > original mode that is compared. Please update to at least 4.5.0 to fix this. > > Regards, > Tobias > >
Yes, you are right. The bug was fixed in Openswan 4.5.2 from Debian backports. Thanks! -- Diego Woitasen _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users