I'm running Debian 3.1 (2.6 kernel) on two remote hosts. I've created an IPSec VPN with racoon and shorewall and have traffic being successfully routed between the two hosts over the internet. The problem I have arises when I try to add compression to the IPSec link. As far as I've determined, this should be transparent. I watch the link negotiation, and it appears successful in syslog. Unfortunately, traffic sent across the link is dropped by the firewall. Stranger, the firewall identifies protocol 0 as the dropped traffic, rather than IPComp or ESP. If I remove the compression option, the link immediately functions 100% normally again. I posted on the shorewall list first, and it did not appear to be an issue with shorewall configuration (I don't see why it would be since it works uncompressed). I've done lsmod on both end systems and ipcomp,esp,deflate etc are all loaded as necessary. I see no errors in syslog or on the terminal from any of the programs involved. It's a mystery to me why compression is causing my traffic to be dropped. I'm aware troubleshooting this will probably involve including configs, but I'm hoping to first isolate the problem so I can file an accurate bug report.
Thanks...
