tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: IPv6 + tunnel + ESP + IPcomp?

Andrew Cagney <> wrote:
    > for reference, here's the SADB/SPD entries for outgoing on NetBSD the
    > current: byte counts would suggest the packet is being both compressed
    > and encrypted (I filed about about that being silly, I don't see signs
    > of ESN - another bug):

Are you configuring this using an IKEv2 daemon, or manually?
Can you just turn off IPCOMP?

    > Looking at xfrm_stats, each packet increments this: XfrmInNoStates 7
    > which is described as No state is found i.e. Either inbound SPI,
    > address, or IPsec protocol at SA is wrong

I've debugging through the part of the Linux kernel where XfrmInNoStates is
incremented a lot recently, chasing ESP over IPv6-LL problems.  I could
believe that in situations where IPCOMP is not used, because the packet did
not compress, that there might be problems still.

Attachment: signature.asc
Description: PGP signature

Home | Main Index | Thread Index | Old Index