Hi,
I think there is a problem with ipcomp : packets are compressed even in some cases where compression does not reduce their size ; as a result they are rejected by the remote system. Entire packet before compression (IPs are masked with ff) : 0000 02 00 00 00 00 00 c3 55 00 00 00 00 45 00 00 9a 0010 a4 06 40 00 40 04 00 00 ff ff ff ff ff ff ff ff 0020 45 00 00 86 27 3c 40 00 40 06 45 c7 ff ff ff ff 0030 ff ff ff ff a7 92 14 51 82 86 6c 4f db 5b 47 c5 0040 80 18 01 00 3e 12 00 00 01 01 08 0a 6f 25 8a ef 0050 00 03 46 64 7b 22 74 63 70 22 3a 74 72 75 65 2c 0060 22 6f 6d 69 74 22 3a 30 2c 22 74 69 6d 65 22 3a 0070 31 30 2c 22 70 61 72 61 6c 6c 65 6c 22 3a 31 2c 0080 22 6c 65 6e 22 3a 31 33 31 30 37 32 2c 22 63 6c 0090 69 65 6e 74 5f 76 65 72 73 69 6f 6e 22 3a 22 33 00a0 2e 31 2e 33 22 7d Data offset 0x20, data length 134 bytes. Packet after compression : 0000 02 00 00 00 c6 c1 76 91 00 0c 00 00 45 00 00 9c 0010 a4 06 40 00 40 6c 00 00 ff ff ff ff ff ff ff ff 0020 04 00 c3 55 73 65 60 68 53 b7 71 60 70 60 73 3d 0030 7e 60 05 e3 3f ae 13 0c 8c cb 27 89 04 36 b5 e5 0040 f8 df 8e 76 3f da 20 c1 c8 60 27 c4 c0 c0 c8 c8 0050 c1 95 af da f5 9e 81 d9 2d a5 5a a9 24 b9 40 c9 0060 aa a4 a8 34 55 47 29 3f 37 b3 44 c9 ca 40 47 a9 0070 24 33 37 55 c9 ca 10 c8 2a 48 2c 4a cc c9 49 cd 0080 01 f2 74 94 72 52 f3 80 b4 b1 a1 81 b9 91 8e 52 0090 72 4e 66 6a 5e 49 7c 59 6a 51 71 66 3e 50 5c c9 00a0 58 cf 50 cf 58 a9 16 00 Data offset 0x20, data length 136 bytes, it's superior to uncompressed. I use OpenBSD 6.3 generic and linux + strongSwan 5.5.1 as remote system, everythings works when ipcomp is disabled, ipcomp only works when compressed packets size is inferior to uncompressed. Best regards.
