Hello all,<br>
<br>
I am trying to start openswan v.2.4.5 on a Suse Linux 10 machine, kernel 2.6.13-15.<br>
<br>
I have installed the openswan and when I run ipsec verify command, here is what I get;<br>
<br>
<br>
linuxlaptop:/usr/local/src/openswan-2.4.5 # /usr/local/sbin/ipsec verify<br>
Checking your system to see if IPsec got installed and started correctly:<br>
Version check and ipsec
on-path
[OK]<br>
Linux Openswan U2.4.5/K2.6.13-15-default (netkey)<br>
Checking for IPsec support in
kernel
[OK]<br>
NETKEY detected, testing for disabled ICMP send_redirects [FAILED]<br>
<br>
Please disable /proc/sys/net/ipv4/conf/*/send_redirects<br>
or NETKEY will cause the sending of bogus ICMP redirects!<br>
<br>
NETKEY detected, testing for disabled ICMP accept_redirects [FAILED]<br>
<br>
Please disable /proc/sys/net/ipv4/conf/*/accept_redirects<br>
or NETKEY will accept bogus ICMP redirects!<br>
<br>
Checking for RSA private key
(/etc/ipsec.secrets)
[OK]<br>
Checking that pluto is
running
[OK]<br>
Two or more interfaces found, checking IP forwarding [OK]<br>
Checking NAT and
MASQUERADEing
[OK]<br>
Checking for 'ip'
command
[OK]<br>
Checking for 'iptables'
command
[OK]<br>
Checking for 'curl' command for CRL
fetching
[OK]<br>
Opportunistic Encryption
Support
[DISABLED]<br>
linuxlaptop:/usr/local/src/openswan-2.4.5 #<br>
<br>
<br>
<br>
I read an explanation regarding the same issue on the openswanlist that was written by Paul and there he says that :<br>
<pre><font style="font-family: times new roman,serif;" size="2">"You might want to edit those in /etc/sysctl.conf to disable those redirects"</font><font size="2"><br><br><span style="font-family: arial,sans-serif;">
</span></font><font size="2"><font size="4"><font size="2"> Here is my /etc/sysctl.conf file<br><br># Disable response to broadcasts.<br># You don't want yourself becoming a Smurf amplifier.<br>net.ipv4.icmp_echo_ignore_broadcasts
= 1<br># enable route verification on all interfaces<br>net.ipv4.conf.all.rp_filter = 1<br># enable ipV6 forwarding<br>#net.ipv6.conf.all.forwarding = 1<br>#Enable routing (IP Forwarding)<br>net.ipv4.ip_forward=1<br><br>
I put 0 instead of 1 at the top 2 two lines and tried that way. But I had the same output when I run ipsec verify.<br><br>Anyone can help me?<br><br>Thank you very much.<br><br><br><br>Can Akalin<br><br></font></font></font>
<font size="2"><br></font><br></pre>