From owner-freebsd-bugs  Sat Jun  8 14:50:17 2002
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 17B3B37B409
	for <freebsd-bugs@hub.freebsd.org>; Sat,  8 Jun 2002 14:50:02 -0700 (PDT)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id g58Lo2064562;
	Sat, 8 Jun 2002 14:50:02 -0700 (PDT)
	(envelope-from gnats)
Received: from nwww.freebsd.org (www.FreeBSD.org [216.136.204.117])
	by hub.freebsd.org (Postfix) with ESMTP id F028137B403
	for <freebsd-gnats-submit@FreeBSD.org>; Sat,  8 Jun 2002 14:41:56 -0700 (PDT)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by nwww.freebsd.org (8.12.2/8.12.2) with ESMTP id g58LfuhG017262
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 8 Jun 2002 14:41:56 -0700 (PDT)
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.12.2/8.12.2/Submit) id g58Lfu5V017261;
	Sat, 8 Jun 2002 14:41:56 -0700 (PDT)
Message-Id: <200206082141.g58Lfu5V017261@www.freebsd.org>
Date: Sat, 8 Jun 2002 14:41:56 -0700 (PDT)
From: Kirill Alder-Ponazdyr <quak@dplanet.ch>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: kern/39047: IPSEC Compression (IPCOMP) broken in tunnel mode
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-bugs.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-bugs>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-bugs>
X-Loop: FreeBSD.org


>Number:         39047
>Category:       kern
>Synopsis:       IPSEC Compression (IPCOMP) broken in tunnel mode
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jun 08 14:50:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Kirill Alder-Ponazdyr
>Release:        RELENG_4 (4.x Stable)
>Organization:
Codeangels Solutions
>Environment:
FreeBSD 4.6-RC FreeBSD 4.6-RC #0: Sat Jun 8 19:55:21 CEST 2002 i386

>Description:
IPSec Compression does not work properly in tunneling mode, the kernel spits following errors:

/kernel: ipcomp_decompress: inflate(Z_FINISH): unknown error (-2)

The IPSec tunnel setup by itself seems to be working, since we can use ESP without any problem.

In addition to that, the compression algorythm handshake only seems to work then racoon is utilized, 
when hardcoded as the setkey parameters it will stall or slowdown the connection.
>How-To-Repeat:
Setup an IPCOMP tunnel on both machines/gateways using following statements:

spdadd <local network> <remote network> any -P out ipsec ipcomp/tunnel/<local ip>-<remote ip>/require;
spdadd <remote network> <local network> any -P in ipsec ipcomp/tunnel/<remote ip>-<local ip>/require;

Startup racoon on both machines, try to ftp a file in any direction.
>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message