Hello,<br> Sorry for the delay. Anyway, this is what my /etc/sysctl.conf looks like now. <br>--<br># Disable response to broadcasts.<br># You don't want yourself becoming a Smurf amplifier.<br>net.ipv4.icmp_echo_ignore_broadcasts = 1<br>
net.ipv4.ip_forward = 1<br># enable route verification on all interfaces<br>net.ipv4.conf.all.rp_filter = 0<br># enable ipV6 forwarding<br>#net.ipv6.conf.all.forwarding = 1<br># increase the number of possible inotify(7) watches<br>
fs.inotify.max_user_watches = 65536<br># avoid deleting secondary IPs on deleting the primary IP<br>net.ipv4.conf.default.promote_secondaries = 1<br>net.ipv4.conf.all.promote_secondaries = 1<br># when using 1 interface for two networks when using NETKEY, the kernel<br>
# kernel thinks it can be clever by sending a redirect (cause it cannot<br># tell an encrypted packet came in, but a decrypted packet came out),<br># so it sends a bogus ICMP redirect<br>net.ipv4.conf.all.send_redirects = 0<br>
net.ipv4.conf.default.send_redirects = 0<br>net.ipv4.icmp_ignore_bogus_error_responses = 1<br>net.ipv4.conf.all.log_martians = 0<br>net.ipv4.conf.default.log_martians = 0<br>--<br> I rebooted my device and tried to ping out to the other network and still, no luck. Any thoughts on where this problem can be? I strongly doubt this is in the IPSec itself as we can see the other end and the people at the other end can ping our device (but nothing else). Can it be an IP tables issue? Is there something I need to enable in the kernel? My thoughts are that the packets are not going from my network through the IPSec tunnel and their packets can get to our IPSec Device but nowhere else in the network. Let me know, I really want to resolve this. <br>
<br clear="all">Sincerely, <br><br>Jay<br><br><br>
<br><br><div class="gmail_quote">On Wed, Nov 4, 2009 at 6:47 PM, Paul Wouters <span dir="ltr"><<a href="mailto:paul@xelerance.com">paul@xelerance.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="im">On Wed, 4 Nov 2009, Jay Smith wrote:<br>
<br>
</div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="im">
Date: Wed, 4 Nov 2009 11:30:23 -0600<br>
From: Jay Smith <<a href="mailto:me@jayftw.com" target="_blank">me@jayftw.com</a>><br>
Cc: <a href="mailto:users@openswan.org" target="_blank">users@openswan.org</a><br></div>
To: Paul Wouters <<a href="mailto:paul@xelerance.com" target="_blank">paul@xelerance.com</a>><div class="im"><br>
Subject: Re: [Openswan Users] Problem with networking traffic past the tunnel<br>
<br></div><div class="im">
Hello,<br>
It's not there either. I found an /etc/sysctl.conf and it says<br>
</div></blockquote>
<br><div><div></div><div class="h5">
Yes. You need to merge the lines I gave you into that file.<br>
<br>
Paul<br>
</div></div></blockquote></div><br>