[strongSwan] IPCOMP question

Martin Willi martin at strongswan.org
Mon Jun 3 11:09:55 CEST 2013

Hi Jeremy,

> I recently tried the patch which removes the restriction on IPComp from
> NATd connections and unfortunately it appears not to work.

I did some more testing with IPComp enabled over NAT.

Everything seems to work fine here (on Linux 3.0.2), I can't reproduce
the issue you are seeing. Works all as expected for different scenarios
(virtual IP clients, forwarding gateway etc.).

> home{7}:  AES_CBC_128/HMAC_SHA1_96, 1083043 bytes_i (969 pkts, 1s ago), 69478 bytes_o (720 pkts, 1s ago), rekeying in 12 minutes

It seems that some packets go through in both directions. To further
debug this issue, I'd recommend to start a network sniffer on the
involved hosts to see where exactly the packets get lost.


More information about the Users mailing list