Are IP compression/ipcomp flows implemented in ipsecctl(8)?

I am trying to perform encryption (enc) and compression (ipcomp) between two
OBSD3.9 hosts.

ipcomp(4) states, "Currently, IPCA can be created using the ipsecadm(8)
tool," with no mention of ipsecctl.

Here is my simple setup:

sysctl net.inet.ipcomp.enable=1

# ipsec.conf
flow esp from 192.168.2.2 to 192.168.2.1
ipcomp from 192.168.2.2 to 192.168.2.1 spi 0x1000:0x1001 comp deflate
esp from 192.168.2.2 to 192.168.2.1 spi 0x1000:0x1001 \
    authkey 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa:0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa \
    enckey 0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee:0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee

The IP addresses and spi values are swapped on the other host's
ipsec.conf. I also tried using different spi values for ipcomp and esp.

I performed many ftp and scp transfers, checking for ipcomp packets
using tcpdump and netstat, but saw no ipcomp traffic. Encryption between
the hosts is working properly.

-pachl
