From owner-freebsd-stable@FreeBSD.ORG  Fri Jun 11 08:19:30 2004
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6AA1E16A4CE
	for <freebsd-stable@freebsd.org>;
	Fri, 11 Jun 2004 08:19:30 +0000 (GMT)
Received: from www.perfi.com (www.perfi.com [62.205.190.154])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 9B32D43D48
	for <freebsd-stable@freebsd.org>;
	Fri, 11 Jun 2004 08:19:29 +0000 (GMT)	(envelope-from vlad@perfi.com)
Received: from perfi.com (inf1.perfi.com [192.168.3.17])
	by www.perfi.com (8.12.9p2/8.12.9) with ESMTP id i5B8JHIx047007
	for <freebsd-stable@freebsd.org>;
	Fri, 11 Jun 2004 12:19:18 +0400 (MSD)	(envelope-from vlad@perfi.com)
Message-ID: <40C96AFF.5060600@perfi.com>
Date: Fri, 11 Jun 2004 12:19:11 +0400
From: Vladislav Gagarin <vlad@perfi.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; ru-RU;
	rv:1.6) Gecko/20040113
X-Accept-Language: ru, en-us
MIME-Version: 1.0
To: freebsd-stable@freebsd.org
Content-Type: text/plain; charset=KOI8-R; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on 
	www.perfi.com
Subject: IPSec and compression
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: vlad@perfi.com
List-Id: Production branch of FreeBSD source code
	<freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Jun 2004 08:19:30 -0000

Hi All.

I can't resolve little problem. Couple of words about.
I've 2 offices in different cities. I need connect them via VPN. I'd 
read Handbook article "10.10 VPN over IPsec" and did all exactly. Fine, 
i have secured channel but ... without compression. I can't do 
compression. I'd tried do so

spdadd A.B.C.D/32 W.X.Y.Z/32 ipencap -P out ipsec 
ipcomp/tunnel/A.B.C.D-W.X.Y.Z/require
                esp/tunnel/A.B.C.D-W.X.Y.Z/require;
spdadd W.X.Y.Z/32 A.B.C.D/32 ipencap -P in ipsec 
esp/tunnel/W.X.Y.Z-A.B.C.D/require
            ipcomp/tunnel/W.X.Y.Z-A.B.C.D/require;
This work fine without "ipcomp". May be i should add additional rules to 
firewall?

-- 
Best regards
Vladislav Gagarin mailto:vlad@perfi.com