Date: Sat, 8 Jun 2002 14:41:56 -0700 (PDT) From: Kirill Alder-Ponazdyr <quak@dplanet.ch> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/39047: IPSEC Compression (IPCOMP) broken in tunnel mode Message-ID: <200206082141.g58Lfu5V017261@www.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 39047 >Category: kern >Synopsis: IPSEC Compression (IPCOMP) broken in tunnel mode >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Jun 08 14:50:01 PDT 2002 >Closed-Date: >Last-Modified: >Originator: Kirill Alder-Ponazdyr >Release: RELENG_4 (4.x Stable) >Organization: Codeangels Solutions >Environment: FreeBSD 4.6-RC FreeBSD 4.6-RC #0: Sat Jun 8 19:55:21 CEST 2002 i386 >Description: IPSec Compression does not work properly in tunneling mode, the kernel spits following errors: /kernel: ipcomp_decompress: inflate(Z_FINISH): unknown error (-2) The IPSec tunnel setup by itself seems to be working, since we can use ESP without any problem. In addition to that, the compression algorythm handshake only seems to work then racoon is utilized, when hardcoded as the setkey parameters it will stall or slowdown the connection. >How-To-Repeat: Setup an IPCOMP tunnel on both machines/gateways using following statements: spdadd <local network> <remote network> any -P out ipsec ipcomp/tunnel/<local ip>-<remote ip>/require; spdadd <remote network> <local network> any -P in ipsec ipcomp/tunnel/<remote ip>-<local ip>/require; Startup racoon on both machines, try to ftp a file in any direction. >Fix: >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200206082141.g58Lfu5V017261>