<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman, new york, times, serif;font-size:12pt"><DIV>Hi Rajitha,</DIV>
<DIV> </DIV>
<DIV>Please make sure to copy the list so that some other folks with the same issue in the future can see the resolution. I made the earlier mistake by not including the list address.</DIV>
<DIV> </DIV>
<DIV>Ofcourse you can use Openswan as xauth server. I have one set up.. works fine.</DIV>
<DIV> </DIV>
<DIV>If you search the list archives you will see solutions on the same problem. You have to enable certain kernel parameters. To remove the errors will do:</DIV>
<DIV> </DIV>
<DIV>echo "0" > /proc/sys/net/ipv4/conf/all/send_redirects</DIV>
<DIV>echo "0" > /proc/sys/net/ipv4/conf/default/send_redirects</DIV>
<DIV>echo "0" > /proc/sys/net/ipv4/conf/eth0/send_redirects</DIV>
<DIV>echo "0" > /proc/sys/net/ipv4/conf/eth1/send_redirects</DIV>
<DIV>echo "0" > /proc/sys/net/ipv4/conf/lo/send_redirects</DIV>
<DIV> </DIV>
<DIV>Do the same for everything under "<FONT color=#1f497d>/proc/sys/net/ipv4/conf/*/accept_redirects"</FONT></DIV>
<P><FONT color=#1f497d></FONT> </P>
<P><FONT color=#1f497d>To get ride of the Opportunistic Encryption DNS checks: You will have to include the following in your /etc/ipsec.conf (preferably at the end of the file)</FONT></P>
<P> </P>
<P>include /etc/ipsec.d/examples/no_oe.conf</P>
<P> </P>
<P>You should read up more from <A href="http://wiki.openswan.org">http://wiki.openswan.org</A></P>
<DIV><BR></DIV>
<DIV>Rgds,</DIV>
<DIV>Gbenga</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV><SPAN style="COLOR: #1f497d">Hi Gbenga,</SPAN></DIV>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">
<DIV class=Section1>
<P class=MsoNormal><SPAN style="COLOR: #1f497d"> </SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d">Thanks so much for the immediate response. Truly appreciate it.</SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d"> </SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d">With full pathname, I could verify if IPSEC is installed properly or not.. although it does give a failure in certain components:</SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d"> </SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d">[root@rreddy-fc5 openswan-2.6.14]# ipsec verify</SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d">Checking your system to see if IPsec got installed and started correctly:</SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d">Version check and ipsec on-path [OK]</SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d">Linux Openswan U2.6.14/K2.6.19-1.2288.2.4.fc5smp (netkey)</SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d">Checking for IPsec support in kernel [OK]</SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d">NETKEY detected, testing for disabled ICMP send_redirects [</SPAN><SPAN style="COLOR: red">FAILED</SPAN><SPAN style="COLOR: #1f497d">]</SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d"> </SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d"> Please disable /proc/sys/net/ipv4/conf/*/send_redirects</SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d"> or NETKEY will cause the sending of bogus ICMP redirects!</SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d"> </SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d">NETKEY detected, testing for disabled ICMP accept_redirects [</SPAN><SPAN style="COLOR: red">FAILED</SPAN><SPAN style="COLOR: #1f497d">]</SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d"> </SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d"> Please disable /proc/sys/net/ipv4/conf/*/accept_redirects</SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d"> or NETKEY will accept bogus ICMP redirects!</SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d"> </SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d">Checking for RSA private key (/etc/ipsec.secrets) [OK]</SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d">Checking that pluto is running [OK]</SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d">Checking for 'ip' command [OK]</SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d">Checking for 'iptables' command [OK]</SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d"> </SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d">Opportunistic Encryption DNS checks:</SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d"> Looking for TXT in forward dns zone: rreddy-fc5.mocana.local [</SPAN><SPAN style="COLOR: red">MISSING</SPAN><SPAN style="COLOR: #1f497d">]</SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d"> Does the machine have at least one non-private address? [</SPAN><SPAN style="COLOR: red">FAILED</SPAN><SPAN style="COLOR: #1f497d">]</SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d"> </SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d"> </SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d">So, I have a question if I can use Openswan as an Xauth server to test my ipsec XAuth Client? Can you please let me know about it?</SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d"> </SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d">Thanks again,</SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d">Rajitha.</SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d"> </SPAN></P>
<DIV>
<DIV style="BORDER-RIGHT: medium none; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; PADDING-LEFT: 0in; PADDING-BOTTOM: 0in; BORDER-LEFT: medium none; PADDING-TOP: 3pt; BORDER-BOTTOM: medium none">
<P class=MsoNormal><B><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma', 'sans-serif'">From:</SPAN></B><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma', 'sans-serif'"> Gbenga [mailto:stjames08@yahoo.co.uk] <BR><B>Sent:</B> Tuesday, July 01, 2008 3:51 PM<BR><B>To:</B> Rajitha Reddy<BR><B>Subject:</B> Re: [Openswan Users] Question on installing Openswan</SPAN></P></DIV></DIV>
<P class=MsoNormal> </P>
<DIV>
<DIV>
<P class=MsoNormal>Hi Rajitha,</P></DIV>
<DIV>
<P class=MsoNormal> </P></DIV>
<DIV>
<P class=MsoNormal>Next time you should provide more details, but it looks like the ipsec binary is not in your path. The way you install Openswan, it will be installed under /usr/local/sbin/ipsec. So you either do one of two things:</P></DIV>
<DIV>
<P class=MsoNormal> </P></DIV>
<DIV>
<P class=MsoNormal>export PATH=$PATH:/usr/local/bin:/usr/local/sbin</P></DIV>
<DIV>
<P class=MsoNormal> </P></DIV>
<DIV>
<P class=MsoNormal>or </P></DIV>
<DIV>
<P class=MsoNormal> </P></DIV>
<DIV>
<P class=MsoNormal>run ipsec with full pathname e.g /usr/local/sbin/ipsec verify.</P></DIV>
<DIV>
<P class=MsoNormal> </P></DIV>
<DIV>
<P class=MsoNormal>Rgds,</P></DIV>
<DIV>
<P class=MsoNormal>Gbenga</P></DIV>
<DIV>
<P class=MsoNormal> </P>
<DIV>
<P class=MsoNormal style="MARGIN-BOTTOM: 12pt"><SPAN style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman', 'serif'"> </SPAN></P>
<DIV>
<P class=MsoNormal>Hi,</P>
<P class=MsoNormal> </P>
<P class=MsoNormal>I have a question on installing and configuring Openswan. I would like to use openswan as an XAUTH Server.</P>
<P class=MsoNormal> </P>
<P class=MsoNormal>I have downloaded openswan-2.6.14.tar.gz onto a linux box (2.6.19-1.2288.2.4.fc5smp). Under the folder openswan-2.6.14, I did the following:</P>
<P class=MsoNormal> </P>
<P class=MsoNormal>1. make programs</P>
<P class=MsoNormal>2. make install</P>
<P class=MsoNormal> </P>
<P class=MsoNormal>The installation guide then said to verify the installation by:</P>
<P class=MsoNormal> </P>
<P class=MsoNormal>ipsec verify</P>
<P class=MsoNormal> </P>
<P class=MsoNormal>But I get an error as follows:</P>
<P class=MsoNormal> </P>
<P class=MsoNormal>-bash: ipsec: command not found</P>
<P class=MsoNormal> </P>
<P class=MsoNormal>Can you please help me with this?</P>
<P class=MsoNormal> </P>
<P class=MsoNormal>Thanks so much for your time.</P>
<P class=MsoNormal> </P>
<P class=MsoNormal>Regards,</P>
<P class=MsoNormal>Rajitha.</P></DIV></DIV></DIV></DIV>
<P class=MsoNormal><SPAN style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman', 'serif'"> </SPAN></P>
<DIV class=MsoNormal style="TEXT-ALIGN: center" align=center><SPAN style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman', 'serif'">
<HR align=center width="100%" SIZE=1>
</SPAN></DIV>
<P class=MsoNormal><SPAN style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman', 'serif'">Not happy with your email address? <BR><A href="http://uk.docs.yahoo.com/ymail/new.html" target=_blank rel=nofollow>Get the one you really want</A> - millions of new email addresses available now at <A href="http://uk.docs.yahoo.com/ymail/new.html" target=_blank rel=nofollow>Yahoo!</A></SPAN></P></DIV></DIV></DIV></div><br>
<hr size=1>
Not happy with your email address?
<br> <a href="http://uk.docs.yahoo.com/ymail/new.html"> Get the one you
really want</a> - millions of new email addresses available now at <a
href="http://uk.docs.yahoo.com/ymail/new.html"> Yahoo!</a></body></html>