<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div>Rescued from the Spam bucket. Please remember to subscribe to the mailing list before posting to it.</div><div><br></div><div><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; font-size:medium; color:rgba(127, 127, 127, 1.0);"><b>From: </b></span><span style="font-family:'Helvetica'; font-size:medium;">"Mikael Hagstrom" <<a href="mailto:mikael@hagstroem.net">mikael@hagstroem.net</a>><br></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; font-size:medium; color:rgba(127, 127, 127, 1.0);"><b>Subject: </b></span><span style="font-family:'Helvetica'; font-size:medium;"><b>Re: [Openswan Users] Two or more interfaces found, checking IP forwarding [FAILED]</b><br></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; font-size:medium; color:rgba(127, 127, 127, 1.0);"><b>Date: </b></span><span style="font-family:'Helvetica'; font-size:medium;">3 August, 2013 7:35:28 AM EDT<br></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; font-size:medium; color:rgba(127, 127, 127, 1.0);"><b>To: </b></span><span style="font-family:'Helvetica'; font-size:medium;">"Leto" <<a href="mailto:letoams@gmail.com">letoams@gmail.com</a>><br></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; font-size:medium; color:rgba(127, 127, 127, 1.0);"><b>Cc: </b></span><span style="font-family:'Helvetica'; font-size:medium;">"<a href="mailto:users@lists.openswan.org">users@lists.openswan.org</a>" <<a href="mailto:users@lists.openswan.org">users@lists.openswan.org</a>><br></span></div><br><br><div style="font-size:10pt;font-family:Verdana,Arial,Helvetica,sans-serif;">Hi Leto,<br><br>Thank you very much for your reply. I'm still facing issues though. I'm able to connect to the VPN server if I'm on my local network but when I try to connect over internet I get below in the auth.log and then the connection fails. I have added part of my sysctl.conf file below also. Is there something else I need to configure to allow connection from internet to the VPN server. I'm running Ubuntu 13.04.<br><br>tail /var/log/auth.log<br>Aug 3 13:30:32 M1 pluto[4263]: "L2TP-PSK-NAT"[10] 178.197.236.245 #11: the peer proposed: 84.75.161.88/32:17/1701 -> 10.246.181.156/32:17/0<br>Aug 3 13:30:32 M1 pluto[4263]: "L2TP-PSK-NAT"[10] 178.197.236.245 #11: NAT-Traversal: received 2 NAT-OA. using first, ignoring others<br>Aug 3 13:30:32 M1 pluto[4263]: "L2TP-PSK-NAT"[10] 178.197.236.245 #12: responding to Quick Mode proposal {msgid:72a62b9d}<br>Aug 3 13:30:32 M1 pluto[4263]: "L2TP-PSK-NAT"[10] 178.197.236.245 #12: us: 10.0.1.8<10.0.1.8>:17/1701<br>Aug 3 13:30:32 M1 pluto[4263]: "L2TP-PSK-NAT"[10] 178.197.236.245 #12: them: 178.197.236.245[10.246.181.156]:17/65528===10.246.181.156/32<br>Aug 3 13:30:32 M1 pluto[4263]: "L2TP-PSK-NAT"[10] 178.197.236.245 #12: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1<br>Aug 3 13:30:32 M1 pluto[4263]: "L2TP-PSK-NAT"[10] 178.197.236.245 #12: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2<br>Aug 3 13:30:32 M1 pluto[4263]: "L2TP-PSK-NAT"[10] 178.197.236.245 #12: Dead Peer Detection (RFC 3706): enabled<br>Aug 3 13:30:32 M1 pluto[4263]: "L2TP-PSK-NAT"[10] 178.197.236.245 #12: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2<br>Aug 3 13:30:32 M1 pluto[4263]: "L2TP-PSK-NAT"[10] 178.197.236.245 #12: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x02e4dc9d <0x633607c3 xfrm=AES_256-HMAC_SHA1 NATOA=10.246.181.156 NATD=178.197.236.245:19301 DPD=en}<br><br>My sysctl.conf file contains below<br>net.ipv4.conf.default.send_redirects=0<br>net.ipv4.conf.all.send_redirects=0<br>#net.ipv4.conf.eth0.send_redirects=0<br>#net.ipv4.conf.eth1.send_redirects=0<br>#net.ipv4.conf.lo.send_redirects=0<br>#net.ipv4.conf.wlan0.send_redirects=0<br>net.ipv4.conf.default.accept_redirects=0<br>net.ipv4.conf.all.accept_redirects=0<br>#net.ipv4.conf.eth0.accept_redirects=0<br>#net.ipv4.conf.eth1.accept_redirects=0<br>#net.ipv4.conf.lo.accept_redirects=0<br>#net.ipv4.conf.wlan0.accept_redirects=0<br><br>net.ipv4.ip_forward = 1<br><br><p>On Jul 12, 2013 14:58 "Leto" <a href="mailto:letoams@gmail.com"><letoams@gmail.com></a> wrote:</p><blockquote type="cite"><meta http-equiv="content-type" content="text/html; charset=utf-8"><div>It is a bug in old perl version of the 'ipsec verify' command. ignore it.<br><br>sent from a tiny device </div><div><br>On 2013-07-12, at 8:12, Patrick Naubert <<a href="mailto:patrickn@xelerance.com">patrickn@xelerance.com</a>> wrote:<br><br></div><blockquote type="cite"><meta http-equiv="Content-Type" content="text/html charset=us-ascii">Rescued from the Spam bucket. Please remember to subscribe to the mailing list before posting to it.<br><div><br></div><div><br><div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; font-size:medium; color:rgba(127, 127, 127, 1.0);"><b>From: </b></span><span style="font-family:'Helvetica'; font-size:medium;">"Mikael Hagstrom" <<a href="mailto:mikael@hagstroem.net">mikael@hagstroem.net</a>><br></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; font-size:medium; color:rgba(127, 127, 127, 1.0);"><b>Subject: </b></span><span style="font-family:'Helvetica'; font-size:medium;"><b>Two or more interfaces found, checking IP forwarding [FAILED]</b><br></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; font-size:medium; color:rgba(127, 127, 127, 1.0);"><b>Date: </b></span><span style="font-family:'Helvetica'; font-size:medium;">10 July, 2013 3:02:47 PM EDT<br></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; font-size:medium; color:rgba(127, 127, 127, 1.0);"><b>To: </b></span><span style="font-family:'Helvetica'; font-size:medium;"><a href="mailto:users@lists.openswan.org">users@lists.openswan.org</a><br></span></div><br><br><div style="font-size:10pt;font-family:Verdana,Arial,Helvetica,sans-serif;">Hi,<br><br>I'm trying to configure Openswan on Ubuntu 13.04. I get "Two or more interfaces found, checking IP forwarding [FAILED]" When I run "ipsec verify". I have tried adding <br><br>net.ipv4.conf.*.send_redirects=0<br>net.ipv4.conf.*.accept_redirects=0<br><br>for all my network interfaces and set net.ipv4.ip_forward = 1 but I still get the error message. I'm don't know what I'm doing wrong and any help would be very welcome.<br><br>Regards,<br><br>Mikael<br><br>--------ls /proc/sys/net/ipv4/conf/------<br>all default eth0 eth1 lo wlan0<br>-----------------------------------------<br><br>-----ipsec verify------<br>Checking your system to see if IPsec got installed and started correctly:<br>Version check and ipsec on-path [OK]<br>Linux Openswan U2.6.38/K3.8.0-26-generic (netkey)<br>Checking for IPsec support in kernel [OK]<br> SAref kernel support [N/A]<br> NETKEY: Testing XFRM related proc values [OK]<br> [OK]<br> [OK]<br>Checking that pluto is running [OK]<br> Pluto listening for IKE on udp 500 [OK]<br> Pluto listening for NAT-T on udp 4500 [OK]<br>Two or more interfaces found, checking IP forwarding [FAILED]<br>Checking NAT and MASQUERADEing [OK]<br>Checking for 'ip' command [OK]<br>Checking /bin/sh is not /bin/dash [WARNING]<br>Checking for 'iptables' command [OK]<br>Opportunistic Encryption Support [DISABLED]<br>--------------------------------<br><br><br>-----/etc/sysctl.conf-----<br><br># IPSec Verify Compliant<br>net.ipv4.conf.default.send_redirects=0<br>net.ipv4.conf.all.send_redirects=0<br>net.ipv4.conf.eth0.send_redirects=0<br>net.ipv4.conf.eth1.send_redirects=0<br>net.ipv4.conf.lo.send_redirects=0<br>net.ipv4.conf.wlan0.send_redirects=0<br>net.ipv4.conf.default.accept_redirects=0<br>net.ipv4.conf.all.accept_redirects=0<br>net.ipv4.conf.eth0.accept_redirects=0<br>net.ipv4.conf.eth1.accept_redirects=0<br>net.ipv4.conf.lo.accept_redirects=0<br>net.ipv4.conf.wlan0.accept_redirects=0<br><br>net.ipv4.ip_forward = 1<br><br>------------------------------------<br><br>------ifconfig-------------<br>eth0 Link encap:Ethernet HWaddr 00:16:cb:ae:21:d5 <br> UP BROADCAST MULTICAST MTU:1500 Metric:1<br> RX packets:0 errors:0 dropped:0 overruns:0 frame:0<br> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0<br> collisions:0 txqueuelen:1000 <br> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)<br> Interrupt:16 <br><br>eth1 Link encap:Ethernet HWaddr 02:26:b0:a7:9a:84 <br> UP BROADCAST MULTICAST MTU:1500 Metric:1<br> RX packets:0 errors:0 dropped:0 overruns:0 frame:0<br> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0<br> collisions:0 txqueuelen:1000 <br> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)<br><br>lo Link encap:Local Loopback <br> inet addr:127.0.0.1 Mask:255.0.0.0<br> inet6 addr: ::1/128 Scope:Host<br> UP LOOPBACK RUNNING MTU:65536 Metric:1<br> RX packets:530 errors:0 dropped:0 overruns:0 frame:0<br> TX packets:530 errors:0 dropped:0 overruns:0 carrier:0<br> collisions:0 txqueuelen:0 <br> RX bytes:47614 (47.6 KB) TX bytes:47614 (47.6 KB)<br><br>wlan0 Link encap:Ethernet HWaddr 00:1c:b3:b2:8d:43 <br> inet addr:10.0.1.8 Bcast:10.0.1.255 Mask:255.255.255.0<br> inet6 addr: fe80::21c:b3ff:feb2:8d43/64 Scope:Link<br> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br> RX packets:2927 errors:0 dropped:0 overruns:0 frame:0<br> TX packets:3084 errors:0 dropped:0 overruns:0 carrier:0<br> collisions:0 txqueuelen:1000 <br> RX bytes:1438598 (1.4 MB) TX bytes:497589 (497.5 KB)<br>------------------------------------------<br></div><br><br></div></div><br></blockquote><blockquote type="cite"><span>_______________________________________________</span><br><span><a href="mailto:Users@lists.openswan.org">Users@lists.openswan.org</a></span><br><span><a href="https://lists.openswan.org/mailman/listinfo/users">https://lists.openswan.org/mailman/listinfo/users</a></span><br><span>Micropayments: <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a></span><br><span>Building and Integrating Virtual Private Networks with Openswan:</span><br><span><a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a></span><br></blockquote></blockquote></div><br><br></body></html>