<html><head><style type='text/css'>p { margin: 0; }</style></head><body>Hi Aaron<br><br>Thanks for your helpful email. I am still stuck early in the process!<br><br>1. sudo apt-get –purge remove openswan
ipsec-tools raccoon vpnc<br><br>does not appear to like purge and remove in the same command line.<br><br>2. sudo sysctl -a | grep 'ip4.conf.*redirect'<br><br>gives the following errors:<br><br>error: "Invalid argument" reading key "fs.binfmt_misc.register"<br>error: permission denied on key 'net.ipv4.route.flush'<br><br>So I cannot progress beyond the 'ipsec verify' stage.<br><br>The config file is currently:<br><br>#<br># /etc/sysctl.conf - Configuration file for setting system variables<br># See /etc/sysctl.d/ for additional system variables.<br># See sysctl.conf (5) for information.<br>#<br><br>#kernel.domainname = example.com<br><br># Uncomment the following to stop low-level messages on console<br>#kernel.printk = 4 4 1 7<br><br>##############################################################3<br># Functions previously found in netbase<br>#<br><br># Uncomment the next two lines to enable Spoof protection (reverse-path filter)<br># Turn on Source Address Verification in all interfaces to<br># prevent some spoofing attacks<br>net.ipv4.conf.default.rp_filter=1<br>net.ipv4.conf.all.rp_filter=1<br><br># Uncomment the next line to enable TCP/IP SYN cookies<br># This disables TCP Window Scaling (http://lkml.org/lkml/2008/2/5/167),<br># and is not recommended.<br>#net.ipv4.tcp_syncookies=1<br><br># Uncomment the next line to enable packet forwarding for IPv4<br>net.ipv4.ip_forward=0<br><br># Uncomment the next line to enable packet forwarding for IPv6<br>net.ipv6.conf.all.forwarding=0<br><br><br>###################################################################<br># Additional settings - these settings can improve the network<br># security of the host and prevent against some network attacks<br># including spoofing attacks and man in the middle attacks through<br># redirection. Some network environments, however, require that these<br># settings are disabled so review and enable them as needed.<br>#<br># Ignore ICMP broadcasts<br>net.ipv4.icmp_echo_ignore_broadcasts = 1<br>#<br># Ignore bogus ICMP errors<br>net.ipv4.icmp_ignore_bogus_error_responses = 1<br># <br># Do not accept ICMP redirects (prevent MITM attacks)<br>net.ipv4.conf.all.accept_redirects = 0<br>net.ipv6.conf.all.accept_redirects = 0<br># _or_<br># Accept ICMP redirects only for gateways listed in our default<br># gateway list (enabled by default)<br># net.ipv4.conf.all.secure_redirects = 1<br>#<br># Do not send ICMP redirects (we are not a router)<br>net.ipv4.conf.all.send_redirects = 0<br>#<br># Do not accept IP source route packets (we are not a router)<br>net.ipv4.conf.all.accept_source_route = 0<br>net.ipv6.conf.all.accept_source_route = 0<br>#<br># Log Martian Packets<br>net.ipv4.conf.all.log_martians = 1<br>#<br># The contents of /proc/<pid>/maps and smaps files are only visible to <br># readers that are allowed to ptrace() the process<br># sys.kernel.maps_protect = 1<br><br><br>Regards Richard<br>-- <br><br>Richard de Rivaz<br>MDR Interfaces Ltd<br>Computer Control Specialists<br><br>Tel: +44(0)1825 790294 Fax: +44(0)1825 790119<br>Reg in England No. 1577056 Directors: R de Rivaz Z de Rivaz<br>Reg Address: Little Bridge House, Danehill, Sussex RH17 7JD<br><br>http://www.mdr.co.uk</body></html>