From nobody@www.freebsd.org  Sat Jun  8 14:41:57 2002
Return-Path: <nobody@www.freebsd.org>
Received: from nwww.freebsd.org (www.FreeBSD.org [216.136.204.117])
	by hub.freebsd.org (Postfix) with ESMTP id F028137B403
	for <freebsd-gnats-submit@FreeBSD.org>; Sat,  8 Jun 2002 14:41:56 -0700 (PDT)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by nwww.freebsd.org (8.12.2/8.12.2) with ESMTP id g58LfuhG017262
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 8 Jun 2002 14:41:56 -0700 (PDT)
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.12.2/8.12.2/Submit) id g58Lfu5V017261;
	Sat, 8 Jun 2002 14:41:56 -0700 (PDT)
Message-Id: <200206082141.g58Lfu5V017261@www.freebsd.org>
Date: Sat, 8 Jun 2002 14:41:56 -0700 (PDT)
From: Kirill Alder-Ponazdyr <quak@dplanet.ch>
To: freebsd-gnats-submit@FreeBSD.org
Subject: IPSEC Compression (IPCOMP) broken in tunnel mode
X-Send-Pr-Version: www-1.0

>Number:         39047
>Category:       kern
>Synopsis:       IPSEC Compression (IPCOMP) broken in tunnel mode
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    remko
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jun 08 14:50:01 PDT 2002
>Closed-Date:    Mon Jul 30 10:13:05 GMT 2007
>Last-Modified:  Mon Jul 30 10:13:05 GMT 2007
>Originator:     Kirill Alder-Ponazdyr
>Release:        RELENG_4 (4.x Stable)
>Organization:
Codeangels Solutions
>Environment:
FreeBSD 4.6-RC FreeBSD 4.6-RC #0: Sat Jun 8 19:55:21 CEST 2002 i386

>Description:
IPSec Compression does not work properly in tunneling mode, the kernel spits following errors:

/kernel: ipcomp_decompress: inflate(Z_FINISH): unknown error (-2)

The IPSec tunnel setup by itself seems to be working, since we can use ESP without any problem.

In addition to that, the compression algorythm handshake only seems to work then racoon is utilized, 
when hardcoded as the setkey parameters it will stall or slowdown the connection.
>How-To-Repeat:
Setup an IPCOMP tunnel on both machines/gateways using following statements:

spdadd <local network> <remote network> any -P out ipsec ipcomp/tunnel/<local ip>-<remote ip>/require;
spdadd <remote network> <local network> any -P in ipsec ipcomp/tunnel/<remote ip>-<local ip>/require;

Startup racoon on both machines, try to ftp a file in any direction.
>Fix:

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: remko 
State-Changed-When: Fri Dec 29 19:56:09 UTC 2006 
State-Changed-Why:  
Hello, I think this is resolved 'already', can you please 
confirm this? Sorry it took this long! 


Responsible-Changed-From-To: freebsd-bugs->remko 
Responsible-Changed-By: remko 
Responsible-Changed-When: Fri Dec 29 19:56:09 UTC 2006 
Responsible-Changed-Why:  
grab thepr. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=39047 
State-Changed-From-To: feedback->closed 
State-Changed-By: linimon 
State-Changed-When: Mon Jul 30 10:12:39 UTC 2007 
State-Changed-Why:  
Feedback timeout (> 6 months). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=39047 
>Unformatted:
