[strongSwan] Compression - how to check it?

Andreas Steffen andreas.steffen at strongswan.org
Thu May 5 15:29:34 CEST 2011 

On 05/05/2011 03:02 PM, Kamil Jońca wrote:
> Andreas Steffen
> <andreas.steffen at strongswan.org>  writes:
>
> --8<---------------cut here---------------start------------->8---
>>
>> src 192.168.0.1 dst 192.168.0.100
>> 	proto comp spi 0x0000bdf9(48633) reqid 1(0x00000001) mode tunnel
>> 	replay-window 0 seq 0x00000000 flag af-unspec (0x00100000)
>> 	comp deflate 0x (0 bits)
>> 	lifetime config:
> --8<---------------cut here---------------end--------------->8---
> [...]
> So, the key line is  "comp deflate 0x (0 bits)", right?
The key line is proto comp spi since the normal IPsec SA entry
is proto esp spi.

> How can I check why compression is turned off?
Set the debug level to

   charondebug="cfg 2, chd 2"

which will list the proposals and send me the log file.

Andreas

> config:
> --8<---------------cut here---------------start------------->8---
> version 2.0     # conforms to second version of ipsec.conf specification
> ca alfa
>          cacert=ca-kaczka.kjonca.pem
> config setup
>          charonstart=yes
>          plutostart=no
>          interfaces="%defaultroute"
>          plutodebug="all"
>          charondebug="all"
>          nat_traversal=yes
> conn %default
>          left=%defaultroute
>          leftsubnet=192.168.200.0/24
>          leftcert=/etc/ipsec.d/certs/circinus.aster.net.pl.1.pem
>          leftca=" C=PL, ST=Mazowieckie, L=Warszawa, O=kjonca.kjonca, OU=ipsec, CN=openswan--kjonca.kjonca"
>          keyexchange=ikev2
>          leftsourceip=192.168.200.200
>          auto=add
>          compress=yes
> conn bambus.kjonca
>          right=%any
>          rightsourceip=192.168.200.211
>          rekey=no
> include /var/lib/strongswan/ipsec.conf.inc
> --8<---------------cut here---------------end--------------->8---
>
> Client is windows7 laptop configured as described at
> http://wiki.strongswan.org/projects/strongswan/wiki/Win7Config
>
> KJ
>
>
>


-- 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

More information about the Users mailing list