Andrew Cagney <andrew.cagney%gmail.com@localhost> wrote: > for reference, here's the SADB/SPD entries for outgoing on NetBSD the > current: byte counts would suggest the packet is being both compressed > and encrypted (I filed about about that being silly, I don't see signs > of ESN - another bug): Are you configuring this using an IKEv2 daemon, or manually? Can you just turn off IPCOMP? > Looking at xfrm_stats, each packet increments this: XfrmInNoStates 7 > which is described as No state is found i.e. Either inbound SPI, > address, or IPsec protocol at SA is wrong I've debugging through the part of the Linux kernel where XfrmInNoStates is incremented a lot recently, chasing ESP over IPv6-LL problems. I could believe that in situations where IPCOMP is not used, because the packet did not compress, that there might be problems still.
Description: PGP signature