Configuration challenge for ipsec.conf with ipcomp.
The reason for doing this is an attempt to speed up the connection
to a site in Singapore from Norway.
The Singapore site has OpenBSD 5.3 but is not used in the config test.

What I have been using, and which is working in the test (ipsec.conf):
ike esp from $lan_Dalen2 to $lan_Maffy \
    local $FW_Dalen2 peer $FW_Maffy \
    main auth hmac-sha1 enc aes-128 group modp1024 life 3600 \
    quick auth hmac-sha1 enc aes-128 group modp1024 life 3600 \
    psk $psk_Maffy tag ipsec

This works fine.
Then I tried to add after:
flow ipcomp from $lan_Dalen2 to $lan_Maffy peer $FW_Maffy
                                           
The second line is accepted by ipsecctl but has no impact.

ipcomp is enabled:
# sysctl |grep ipcomp
net.inet.ipcomp.enable=1

Test boxes:
# uname -a
OpenBSD dalen 5.0 GENERIC#43 i386
# uname -a
OpenBSD worf 5.1 GENERIC.MP#188 i386

From the ipsec.conf man page, MANUAL SECURITY ASSOCIATIONS might be needed?

I have been searching before posting but I can't seem to find the 
answer.

Does a working example exist that could be made public?

Regards
Gaute Lundal
