Hello,<br> It's not there either. I found an /etc/sysctl.conf and it says<br>------<br># Disable response to broadcasts.<br># You don't want yourself becoming a Smurf amplifier.<br>net.ipv4.icmp_echo_ignore_broadcasts = 1<br>
# enable route verification on all interfaces<br>net.ipv4.conf.all.rp_filter = 1<br># enable ipV6 forwarding<br>#net.ipv6.conf.all.forwarding = 1<br># increase the number of possible inotify(7) watches<br>fs.inotify.max_user_watches = 65536<br>
# avoid deleting secondary IPs on deleting the primary IP<br>net.ipv4.conf.default.promote_secondaries = 1<br>net.ipv4.conf.all.promote_secondaries = 1<br>------<br clear="all"><br>I don't know if that's the same one or not. I wanted to make sure it was safe to make changes to that actual file. <br>
<br>Sincerely, <br><br>Jay<br>
<br><br><div class="gmail_quote">On Wed, Nov 4, 2009 at 10:07 AM, Paul Wouters <span dir="ltr">&lt;<a href="mailto:paul@xelerance.com">paul@xelerance.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="im">On Wed, 4 Nov 2009, Jay Smith wrote:<br>
<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Okay, I do not see an examples folder. Where else can that sysctl.conf file be? To give you more info:<br>
We are indeed using 1 interface. This device also serves as the gateway for the network. It serves as our<br>
DHCP system and router. It does not serve DNS services though, the Domain Controller does. Not sure if<br>
that additional info helps at all or not.<br>
</blockquote>
<br></div><div><div></div><div class="h5">
It might be in /usr/share/doc/openswan*<br>
<br>
What you need is:<br>
<br>
# when using 1 interface for two networks when using NETKEY, the kernel<br>
# thinks it can be clever by sending a redirect (cause it cannot<br>
# tell an encrypted packet came in, but a decrypted packet came out),<br>
# so it sends a bogus ICMP redirect<br>
net.ipv4.conf.all.send_redirects = 0<br>
net.ipv4.conf.default.send_redirects = 0<br>
net.ipv4.icmp_ignore_bogus_error_responses = 1<br>
net.ipv4.conf.all.log_martians = 0<br>
net.ipv4.conf.default.log_martians = 0<br>
<br>
You also need to enable forwarding and disable rp_filter:<br>
<br>
net.ipv4.ip_forward = 1<br>
net.ipv4.conf.default.rp_filter = 0<br>
<br>
</div></div></blockquote></div><br>
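One way to compare an existing /etc/sysctl.conf with the settings listed in the quoted reply, as an added example that is not part of the original thread or of Openswan. The function names are hypothetical, and the parser assumes plain `key = value` lines with `#` or `;` comments.

```python
# Added example (not from the thread): audit sysctl.conf text against the
# settings the quoted reply lists for NETKEY on a single interface.
REQUIRED = {
    "net.ipv4.conf.all.send_redirects": "0",
    "net.ipv4.conf.default.send_redirects": "0",
    "net.ipv4.icmp_ignore_bogus_error_responses": "1",
    "net.ipv4.conf.all.log_martians": "0",
    "net.ipv4.conf.default.log_martians": "0",
    "net.ipv4.ip_forward": "1",
    "net.ipv4.conf.default.rp_filter": "0",
}

# Settings from the file posted at the top of this message (most comments trimmed).
JAY_CONF = """\
# Disable response to broadcasts.
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.rp_filter = 1
#net.ipv6.conf.all.forwarding = 1
fs.inotify.max_user_watches = 65536
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
"""

def parse_sysctl(text):
    """Return {key: value} for active lines; the last assignment of a key wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue  # blank line, comment, or not an assignment
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def audit(text, required=REQUIRED):
    """Return (missing keys, {key: (current, wanted)}) for the required settings."""
    current = parse_sysctl(text)
    missing = [k for k in required if k not in current]
    conflicting = {k: (current[k], v) for k, v in required.items()
                   if k in current and current[k] != v}
    return missing, conflicting

def render_additions(text, required=REQUIRED):
    """Lines to add (or correct in place) so every required key has its value."""
    missing, conflicting = audit(text, required)
    return [f"{k} = {required[k]}" for k in required
            if k in missing or k in conflicting]

if __name__ == "__main__":
    print("\n".join(render_additions(JAY_CONF)))
```

The posted file's `net.ipv4.conf.all.rp_filter = 1` is not one of the keys the reply names, so this audit reports the seven missing keys and leaves that line alone.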