If I set compress=yes, the tunnel doesn't work for packages bigger than 315 bytes. With the same config, openswan-2.3.0 works just fine.

Steps to reproduce:
ping -s 287 -> works
ping -s 288 -> don't

My info:
tsr root # emerge info
Portage 2.0.51.19 (default-linux/x86/2005.0, gcc-3.3.5-20050130, glibc-2.3.4.20041102-r1, 2.6.11-gentoo-r6 i686)
=================================================================
System uname: 2.6.11-gentoo-r6 i686 AMD Athlon(tm) XP 2800+
Gentoo Base System version 1.4.16
Python: dev-lang/python-2.3.5 [2.3.5 (#1, May 3 2005, 10:12:50)]
distcc 2.16 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
dev-lang/python: 2.3.5
sys-apps/sandbox: [Not Present]
sys-devel/autoconf: 2.13, 2.59-r6
sys-devel/automake: 1.5, 1.7.9-r1, 1.6.3, 1.4_p6, 1.9.4, 1.8.5-r3
sys-devel/binutils: 2.15.92.0.2-r7
sys-devel/libtool: 1.5.16
virtual/os-headers: 2.6.8.1-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-march=pentium2 -O3 -pipe -funroll-loops -fno-strict-aliasing -fomit-frame-pointer -mpreferred-stack-boundary=2"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/fax /usr/share/config /var/bind /var/qmail/control /var/spool/fax/etc"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=pentium2 -O3 -pipe -funroll-loops -fno-strict-aliasing -fomit-frame-pointer -mpreferred-stack-boundary=2"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig ccache distlocks sandbox sfperms strict"
GENTOO_MIRRORS="ftp://ftp.roedu.net/pub/mirrors/gentoo.org ftp://ftp.lug.ro/gentoo"
MAKEOPTS="-j1"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.ro.gentoo.org/gentoo-portage"
USE="x86 aalib accounting acl alsa apache2 apm authdaemond avi berkdb bitmap-fonts crypt cups curl directfb emboss encode extensions fam fbcon foomaticdb fortran gd gdbm geoip gif gpm hardenedphp imagemagick imap imlib ipv6 java javacomm javadoc javamail jikes jpeg junit ldap libg++ libwww mad maildir mcal mikmod mmx motif mp3 mpeg mysql ncurses nls ogg oggvorbis oss pam pdflib perl png postgres python quicktime readline samba sasl session slang spell ssl svga tcpd tiff truetype truetype-fonts type1-fonts underscores vhosts vorbis xerces xml xml2 xmlrpcxmms xv zero-penalty-hit zlib userland_GNU kernel_linux elibc_glibc"
Unset: ASFLAGS, CBUILD, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS
Is the other end of the tunnel running openswan as well? If not, what is it running? Thanks,
Both ends are 2 Gentoos with the same version of openswan (2.3.1). I had to downgrade to 2.3.0 to be able to compress the packages. If you need a tester, I could do it on weekends. However, I didn't find anything relevant on Google about the subj (but I didn't search too deeply). I've added this bug mainly to keep 2.3.1 away from stableness.
Herbert Xu posted a patch I am hoping will fix your issue. You can find it here: http://lists.openswan.org/pipermail/users/2005-May/004888.html This patch has been committed to openswan cvs so it should be a part of 2.3.2 when it is released. Let me know how it goes. Thanks, Jay
Don't waste your time on that patch. It won't fix your issue. Somehow an old Red Hat 2.4 netkey bug was worked around with that fix. However, there is some work being done towards what looks like your ip comp issue. Jay
IMO openswan-2.3.0 could be marked as stable on x86. However, I didn't test NAT-traversal at all.
Did you ever get compression working in versions > 2.3.1?
I will try it on 2.4.4
Compression on openswan-2.4.4 works as expected.