<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=utf-8">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-priority:34;
        margin-top:0cm;
        margin-right:0cm;
        margin-bottom:0cm;
        margin-left:36.0pt;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
span.EmailStyle18
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page Section1
        {size:612.0pt 792.0pt;
        margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.Section1
        {page:Section1;}
/* List Definitions */
@list l0
        {mso-list-id:1612661686;
        mso-list-type:hybrid;
        mso-list-template-ids:1543797890 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
ol
        {margin-bottom:0cm;}
ul
        {margin-bottom:0cm;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><span
style='mso-list:Ignore'>1.<span style='font:7.0pt "Times New Roman"'>
</span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Ah, stupid word or outlook have converted a double dash to some
other character. It should be “--purge"<o:p></o:p></span></p>
<p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><span
style='mso-list:Ignore'>2.<span style='font:7.0pt "Times New Roman"'>
</span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Hmm sounds like permissions error, do you really have superuser
access? Alternatively pipe the output from sysctl to a text file and search it
some other way.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Richard de Rivaz
[mailto:richard@mdr.co.uk] <br>
<b>Sent:</b> Tuesday, 6 January 2009 7:45 p.m.<br>
<b>To:</b> Aaron Hicks<br>
<b>Cc:</b> users@lists.openswan.org<br>
<b>Subject:</b> Re: [Openswan Users] Openswan on Ubuntu 8.10<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Hi Aaron<br>
<br>
Thanks for your helpful email. I am still stuck early in the process!<br>
<br>
1. sudo apt-get –purge remove openswan ipsec-tools raccoon vpnc<br>
<br>
does not appear to like purge and remove in the same command line.<br>
<br>
2. sudo sysctl -a | grep 'ip4.conf.*redirect'<br>
<br>
gives the following errors:<br>
<br>
error: "Invalid argument" reading key
"fs.binfmt_misc.register"<br>
error: permission denied on key 'net.ipv4.route.flush'<br>
<br>
So I cannot progress beyond the 'ipsec verify' stage.<br>
<br>
The config file is currently:<br>
<br>
#<br>
# /etc/sysctl.conf - Configuration file for setting system variables<br>
# See /etc/sysctl.d/ for additional system variables.<br>
# See sysctl.conf (5) for information.<br>
#<br>
<br>
#kernel.domainname = example.com<br>
<br>
# Uncomment the following to stop low-level messages on console<br>
#kernel.printk = 4 4 1 7<br>
<br>
##############################################################3<br>
# Functions previously found in netbase<br>
#<br>
<br>
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)<br>
# Turn on Source Address Verification in all interfaces to<br>
# prevent some spoofing attacks<br>
net.ipv4.conf.default.rp_filter=1<br>
net.ipv4.conf.all.rp_filter=1<br>
<br>
# Uncomment the next line to enable TCP/IP SYN cookies<br>
# This disables TCP Window Scaling (http://lkml.org/lkml/2008/2/5/167),<br>
# and is not recommended.<br>
#net.ipv4.tcp_syncookies=1<br>
<br>
# Uncomment the next line to enable packet forwarding for IPv4<br>
net.ipv4.ip_forward=0<br>
<br>
# Uncomment the next line to enable packet forwarding for IPv6<br>
net.ipv6.conf.all.forwarding=0<br>
<br>
<br>
###################################################################<br>
# Additional settings - these settings can improve the network<br>
# security of the host and prevent against some network attacks<br>
# including spoofing attacks and man in the middle attacks through<br>
# redirection. Some network environments, however, require that these<br>
# settings are disabled so review and enable them as needed.<br>
#<br>
# Ignore ICMP broadcasts<br>
net.ipv4.icmp_echo_ignore_broadcasts = 1<br>
#<br>
# Ignore bogus ICMP errors<br>
net.ipv4.icmp_ignore_bogus_error_responses = 1<br>
# <br>
# Do not accept ICMP redirects (prevent MITM attacks)<br>
net.ipv4.conf.all.accept_redirects = 0<br>
net.ipv6.conf.all.accept_redirects = 0<br>
# _or_<br>
# Accept ICMP redirects only for gateways listed in our default<br>
# gateway list (enabled by default)<br>
# net.ipv4.conf.all.secure_redirects = 1<br>
#<br>
# Do not send ICMP redirects (we are not a router)<br>
net.ipv4.conf.all.send_redirects = 0<br>
#<br>
# Do not accept IP source route packets (we are not a router)<br>
net.ipv4.conf.all.accept_source_route = 0<br>
net.ipv6.conf.all.accept_source_route = 0<br>
#<br>
# Log Martian Packets<br>
net.ipv4.conf.all.log_martians = 1<br>
#<br>
# The contents of /proc/<pid>/maps and smaps files are only visible to <br>
# readers that are allowed to ptrace() the process<br>
# sys.kernel.maps_protect = 1<br>
<br>
<br>
Regards Richard<br>
-- <br>
<br>
Richard de Rivaz<br>
MDR Interfaces Ltd<br>
Computer Control Specialists<br>
<br>
Tel: +44(0)1825 790294 Fax: +44(0)1825 790119<br>
Reg in England No. 1577056 Directors: R de Rivaz Z de Rivaz<br>
Reg Address: Little Bridge House, Danehill, Sussex RH17 7JD<br>
<br>
http://www.mdr.co.uk<o:p></o:p></p>
</div>
</body>
</html>