Andrew Cagney <andrew.cagney%gmail.com@localhost> wrote:
> for reference, here's the SADB/SPD entries for outgoing on NetBSD the
> current: byte counts would suggest the packet is being both compressed
> and encrypted (I filed about about that being silly, I don't see signs
> of ESN - another bug):
Are you configuring this using an IKEv2 daemon, or manually?
Can you just turn off IPCOMP?
> Looking at xfrm_stats, each packet increments this: XfrmInNoStates 7
> which is described as No state is found i.e. Either inbound SPI,
> address, or IPsec protocol at SA is wrong
I've debugging through the part of the Linux kernel where XfrmInNoStates is
incremented a lot recently, chasing ESP over IPv6-LL problems. I could
believe that in situations where IPCOMP is not used, because the packet did
not compress, that there might be problems still.
Attachment:
signature.asc
Description: PGP signature