Has anyone managed to compress the data going through the tunnel? The documentation says it is enough to add the option compress=yes to the conn section. Without this option it works, but with it, it doesn't.
Here is a piece of the log with compression disabled:
Starting Openswan IPsec U2.2.0/K2.6.11.4-20a-smp...
including NAT-Traversal patch (Version 0.6c) [disabled]
ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Using Linux 2.6 IPsec interface code
Changing to directory '/etc/ipsec.d/cacerts'
Could not change to directory '/etc/ipsec.d/aacerts'
Could not change to directory '/etc/ipsec.d/ocspcerts'
Changing to directory '/etc/ipsec.d/crls'
Warning: empty directory
added connection description "net-to-net"
added connection description "road-warrior"
listening for IKE messages
adding interface eth0/eth0 192.168.135.131
adding interface lo/lo 127.0.0.1
adding interface lo/lo ::1
loading secrets from "/etc/ipsec.secrets"
"road-warrior" #1: initiating Main Mode
"road-warrior" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
"road-warrior" #1: I did not send a certificate because I do not have one.
"road-warrior" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
"road-warrior" #1: Peer ID is ID_FQDN: '@x.y.ru'
"road-warrior" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
"road-warrior" #1: ISAKMP SA established
"road-warrior" #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
"road-warrior" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
"road-warrior" #2: sent QI2, IPsec SA established {ESP=>0x69bc4ef1 <0x0027d057}
And here it is with compression enabled:
Starting Openswan IPsec U2.2.0/K2.6.11.4-20a-smp...
Starting Pluto (Openswan Version 2.2.0 X.509-1.5.4 PLUTO_USES_KEYRR)
including NAT-Traversal patch (Version 0.6c) [disabled]
ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Using Linux 2.6 IPsec interface code
Changing to directory '/etc/ipsec.d/cacerts'
Could not change to directory '/etc/ipsec.d/aacerts'
Could not change to directory '/etc/ipsec.d/ocspcerts'
Changing to directory '/etc/ipsec.d/crls'
Warning: empty directory
added connection description "net-to-net"
added connection description "road-warrior"
listening for IKE messages
adding interface eth0/eth0 192.168.135.131
adding interface lo/lo 127.0.0.1
adding interface lo/lo ::1
loading secrets from "/etc/ipsec.secrets"
"road-warrior" #1: initiating Main Mode
"road-warrior" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
"road-warrior" #1: I did not send a certificate because I do not have one.
"road-warrior" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
"road-warrior" #1: Peer ID is ID_FQDN: '@x.y.ru'
"road-warrior" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
"road-warrior" #1: ISAKMP SA established
"road-warrior" #2: initiating Quick Mode RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+UP {using isakmp#1}
"road-warrior" #1: ignoring informational payload, type INVALID_MESSAGE_ID
"road-warrior" #1: received and ignored informational message
"road-warrior" #1: ignoring informational payload, type INVALID_MESSAGE_ID
"road-warrior" #1: received and ignored informational message
Compression seems to be handled by the ipcomp kernel module... I loaded it by hand on both ends, but it still doesn't work. I restarted ipsec, of course...
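As an added example, not part of the original post: a small Python script that reads pluto log lines in the format quoted above and reports Quick Mode attempts that never reached "IPsec SA established", together with their policy flags and the notification types received meanwhile. The function names and regular expressions are assumptions based only on the log lines shown in the post.

```python
import re

# Excerpts (Quick Mode part only) of the two pluto logs quoted in the post.
LOG_PLAIN = '''\
"road-warrior" #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
"road-warrior" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
"road-warrior" #2: sent QI2, IPsec SA established {ESP=>0x69bc4ef1 <0x0027d057}
'''
LOG_COMPRESS = '''\
"road-warrior" #2: initiating Quick Mode RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+UP {using isakmp#1}
"road-warrior" #1: ignoring informational payload, type INVALID_MESSAGE_ID
"road-warrior" #1: received and ignored informational message
"road-warrior" #1: ignoring informational payload, type INVALID_MESSAGE_ID
'''

LINE_RE = re.compile(r'"(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)')
QUICK_RE = re.compile(r'initiating Quick Mode (?P<policy>\S+)')
NOTIFY_RE = re.compile(r'ignoring informational payload, type (?P<type>\w+)')

def quick_mode_attempts(log_text):
    """Return one record per Quick Mode attempt found in a pluto log."""
    attempts = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # daemon start-up lines carry no connection prefix
        conn, sa, msg = m.group('conn'), int(m.group('sa')), m.group('msg')
        quick = QUICK_RE.search(msg)
        notify = NOTIFY_RE.search(msg)
        if quick:
            attempts.append({'conn': conn, 'sa': sa, 'established': False,
                             'policy': quick.group('policy').split('+'),
                             'notifications': []})
        elif 'IPsec SA established' in msg:
            for a in attempts:
                if (a['conn'], a['sa']) == (conn, sa):
                    a['established'] = True
        elif notify:
            # Logged under the ISAKMP SA (#1): attach to pending attempts on this conn.
            for a in attempts:
                if a['conn'] == conn and not a['established']:
                    a['notifications'].append(notify.group('type'))
    return attempts

def stalled(log_text):
    """Quick Mode attempts that never produced an IPsec SA."""
    return [a for a in quick_mode_attempts(log_text) if not a['established']]
```

Calling `stalled()` on the full log from each side of the tunnel shows which proposals were never completed; comparing the `policy` lists of the two runs isolates the flag that differs.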