Jorge, Seems like last time it had something to do with the kernel version (but a patch in openswan fixed it). If you could...go ahead and post "cat /proc/version" here. Thanks, Phillip Jorge Santos wrote: Hi all FYI, i have the same prob, but i am using CentOS 4.3 on both sides and openswan-2.4.5. On the server side i have klips and on the client, i have netkey, both compiled from source.Hello all, I seem to be having a problem using OpenSwan with Fedora Core 5. The tunnel establishes just fine, but it seems that whenever compression is enabled, information cannot travel across the tunnel. Oddly enough, it will travel one way -- from the Fedora Core 5 machine to a known-to-work Fedora Core 3 machine. If "compress=no" is set on both ipsec.conf files, then it works just fine. I had this problem with Fedora Core 4 and the eventual fix was to use "openswan-2.3.2x" (the fix also worked on Fedora Core 3). I've tried using that, but I'm back to FC5's rpm of "openswan-2.4.4-1.1.2.1.i386" since it didn't help. Here's a reference of the FC4 post that discussed the fix: http://lists.openswan.org/pipermail/users/2005-July/005592.html (Also another important thing to note, would be that small pings do not go thru when "compress=yes") Version info: Linux version 2.6.15-1.2054_FC5 (bhcompile@xxxxxxxxxxxxxxxxxxxxxxxxxxx) (gcc version 4.1.0 20060304 (Red Hat 4.1.0-3)) #1 Tue Mar 14 15:48:33 EST 2006. Linux Openswan U2.4.4/K2.6.15-1.2054_FC5 (netkey) ipsec.conf (the important part, with the important numbers & names substituted): " conn SUNRISEtoSUNSET authby=secret left=5.5.5.5 leftsubnet=192.168.1.0/24 leftnexthop=%defaultroute right=7.7.7.7 rightsubnet=192.168.2.0/24 rightnexthop=%defaultroute compress=yes auto=start " Thanks, Phillip _______________________________________________ Users@xxxxxxxxxxxx http://lists.openswan.org/mailman/listinfo/users Building and Integrating Virtual Private Networks with Openswan: http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155 |