Problem with IPComp on VPN

To: debian-user@lists.debian.org
Subject: Problem with IPComp on VPN
From: Cyber Dog <cyberdog3k@gmail.com>
Date: Mon, 17 Oct 2005 00:28:36 -0400
Message-id: <[🔎] cbb8f04c0510162128j54c83616kfbfd35f568f14fce@mail.gmail.com>

I'm running Debian 3.1 (2.6 kernel) on two remote hosts.  I've created
an IPSec VPN with racoon and shorewall and have traffic being
successfully routed between the two hosts over the internet.  The
problem I have arises when I try to add compression to the IPSec link.
 As far as I've determined, this should be transparent.  I watch the
link negotiation, and it appears successful in syslog.  Unfortunately,
traffic sent across the link is dropped by the firewall.  Stranger,
the firewall identifies protocol 0 as the dropped traffic, rather than
IPComp or ESP.  If I remove the compression option, the link
immediately functions 100% normally again.  I posted on the shorewall
list first, and it did not appear to be an issue with shorewall
configuration (I don't see why it would be since it works
uncompressed).  I've done lsmod on both end systems and
ipcomp,esp,deflate etc are all loaded as necessary.  I see no errors
in syslog or on the terminal from any of the programs involved.  It's
a mystery to me why compression is causing my traffic to be dropped. 
I'm aware troubleshooting this will probably involve including
configs, but I'm hoping to first isolate the problem so I can file an
accurate bug report.

Thanks...

Reply to:

Prev by Date: Sangoma woes
Next by Date: Re: Lucy & the Football
Previous by thread: Sangoma woes
Next by thread: lsmod permanent
Index(es):
- Date
- Thread