On Mon, Oct 3, 2011 at 6:10 AM, Tobias Brunner <tob...@strongswan.org> wrote:
> Hi Diego,
>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>> I forgot to clarify that route is inserted if compress=no. In
>> kernel_netlink_ipsec.c add_policy methed, the code checks if mode !=
>> MODE_TRANSPORT to insert to route.
>
> Yes, if IPComp is enabled the actual IPsec SA uses transport mode in the 
> kernel as the inner IPComp SA does the tunneling.  Up to 4.4.1 charon did 
> this slightly wrong because the mode is changed while installing the policy 
> and later when installing the route and checking the mode it's not the 
> original mode that is compared.  Please update to at least 4.5.0 to fix this.
>
> Regards,
> Tobias
>
>

Yes, you are right. The bug was fixed in Openswan 4.5.2 from Debian backports.

Thanks!

-- 
Diego Woitasen

_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Reply via email to