IPSEC tunnel FreeBSD Freeswan (dlouhe)

Josef Dvorak pepadvorak at volny.cz
Tue Jun 1 08:11:11 CEST 2004


Zdravim,
uhodil jste hrebicek na hlavicku -> bylo to tou kompresi. Uz sem na to vcera
taky prisel kdyz sem laboroval s parametry na Linuxu. Ja tam na tom Linuxu
mel totiz asi 7 VPN spojeni proti ruznym Linuxum ve svete a v default jsem
tu kompresi mel zapnutou.

Diky za pomoc

Pepa Dvorak

-----Original Message-----
From: users-l-bounces at freebsd.cz [mailto:users-l-bounces at freebsd.cz]On
Behalf Of Dan Lukes
Sent: Monday, May 31, 2004 8:47 PM
To: FreeBSD mailing list
Subject: Re: IPSEC tunnel FreeBSD Freeswan (dlouhe)


Josef Dvorak napsal/wrote, On 05/31/04 10:09:
> Nicmene zmineny parametr jsem zkusil vyhodit, ale bez efektu. Spis to
vypada
> na ten proposal - viz. detailnejsi log:
>
> 2004-05-31 10:05:03: DEBUG: proposal.c:828:printsaproto():  (proto_id=ESP
> spisize=4 spi=ace5cd20 spi_p=00000000 encmode=Tunnel reqid=0:0)
> 2004-05-31 10:05:03: DEBUG: proposal.c:862:printsatrns():   (trns_id=3DES
> encklen=0 authtype=hmac-md5)
> 2004-05-31 10:05:03: DEBUG: proposal.c:862:printsatrns():   (trns_id=3DES
> encklen=0 authtype=hmac-sha)
> 2004-05-31 10:05:03: DEBUG: proposal.c:828:printsaproto():
(proto_id=IPCOMP
> spisize=2 spi=000041e9 spi_p=00000000 encmode=Tunnel reqid=0:0)
> 2004-05-31 10:05:03: DEBUG: proposal.c:869:printsatrns():
> (trns_id=DEFLATE)
> 2004-05-31 10:05:03: DEBUG: ipsec_doi.c:993:get_ph2approvalx(): my single
> bundle:
> 2004-05-31 10:05:03: DEBUG: proposal.c:828:printsaproto():  (proto_id=ESP
> spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
> 2004-05-31 10:05:03: DEBUG: proposal.c:862:printsatrns():   (trns_id=3DES
> encklen=0 authtype=hmac-sha)
> 2004-05-31 10:05:03: ERROR: ipsec_doi.c:1001:get_ph2approvalx(): not
matched

	No, me se v te vzdalene nabidce nelibi ten IPCOMP ...

	Uz jen proto, ze udajne ma mit FreesWAN defaultne kompresi zakazanou a
ja v tom tvem konfiguraku nevidel jeji povoleni.

	Osobne bych za lepsi pokus ted videl explicitne zakazat kompresi na
strane Linuxu nez se pokouset rozchodit ji na FreeBSD. Coz znamena
pridat do konfigurace "compress no" a podivat se, co to udela.



						Dan



--
Dan Lukes     tel: +420 2 21914205, fax: +420 2 21914206
root of  FIONet, KolejNET,  webmaster  of www.freebsd.cz
AKA: dan at obluda.cz, dan at freebsd.cz,dan at kolej.mff.cuni.cz
--
FreeBSD mailing list (users-l at freebsd.cz)
http://www.freebsd.cz/listserv/listinfo/users-l




More information about the Users-l mailing list