tech-net: Re: IPSec and Compression

Subject: Re: IPSec and Compression
To: J. Buck Caldwell <buckaroo@liveround.com>
From: None <itojun@iijlab.net>
List: tech-net
Date: 07/30/2003 16:30:49

>Yea... I had that figured. I was kinda hoping for a bit more detail. Given:
>
>IPSEC.CONF:
>spdadd corpaddr branchaddr any -P out ipsec esp/transport//require;
>spdadd branchaddr corpaddr any -P in ipsec esp/transport//require;
>
>Do I just need to add:
>spdadd corpaddr branchaddr any -P out ipsec ipcomp/transport//require;
>spdadd branchaddr corpaddr any -P in ipsec ipcomp/transport//require;
>
>and the appropriate reversal on the other end? Do I need to specify 
>these lines before or after the esp lines, or is ordering handled 
>internally?

	use the following lines for your ipsec.conf.

itojun


spdadd corpaddr branchaddr any -P out ipsec ipcomp/transport//use esp/transport//require;
spdadd branchaddr corpaddr any -P in ipsec ipcomp/transport//use esp/transport//require;