[strongSwan] IPCOMP question
Martin Willi
martin at strongswan.org
Mon Jun 3 11:09:55 CEST 2013
Hi Jeremy,
> I recently tried the patch which removes the restriction on IPComp from
> NATd connections and unfortunately it appears not to work.
I did some more testing with IPComp enabled over NAT.
Everything seems to work fine here (on Linux 3.0.2), I can't reproduce
the issue you are seeing. Works all as expected for different scenarios
(virtual IP clients, forwarding gateway etc.).
> home{7}: AES_CBC_128/HMAC_SHA1_96, 1083043 bytes_i (969 pkts, 1s ago), 69478 bytes_o (720 pkts, 1s ago), rekeying in 12 minutes
It seems that some packets go through in both directions. To further
debug this issue, I'd recommend to start a network sniffer on the
involved hosts to see where exactly the packets get lost.
Regards
Martin
More information about the Users
mailing list