IPsec with IPcomp - pfsense 2.4.4-RELEASE-p1



  • I am trying to get to the bottom of whether IPsec "IP Compression" works with pfsense 2.4.4. My memory is that there were some problems with IP compression in earlier pfsense versions, but searching does not appear to yield an answer about IP compression in 2.4.4.

    I have tried turning on "IP Compression" in VPN/IPsec/Settings and there doesn't appear to be any change in the generated ipsec.conf file. So as far as I can see turning the option on/off doesn't actually do anything - unless I am looking in the wrong place!

    Also, when (existing, non-pfsense routers) remote IPsec connections that have IP Compression enabled attempt to connect to pfsense the VPN is rejected by pfsense. Ticking/unticking the pfsense "IP Compression" option appears to have no effect.

    The slightly strange thing is that pfsense/charon reports the "received proposals" as empty (ie. nothing) for phase 2 when the remote end has IP compression enabled. If I turn off IP compression at the remote end then pfsense/charon reports the correct proposal and the phase 2 establishes.

    I am trying to upgrade an existing network of routers and I would prefer to be able to do this in a step-by-step manner, with as few changes as possible to the configuration at each step. Being able to utilise the existing IPsec configurations would make life a lot easier.

    So, as I said, does anyone know the status of IPsec compression in pfsense 2.4.4?

    Thanks,
    Tim


  • LAYER 8 Netgate



  • Thanks for that info. At least my memory about the fact that there was a problem is correct!

    I guess the only other comment is that, as noted by others in the ticket, the compression option is far from "little used'.

    Thanks again.