[Openswan Users] Fwd: Lost packets after DNAT

Jacco de Leeuw jacco2 at dds.nl
Mon Feb 28 09:42:51 CET 2005


George Adams wrote:

> Given the following connection
> description from "FreeS/WAN IPSec version:
> super-freeswan-1.99.7"
> kernel: martian source 192.168.208.137 from
> 10.0.62.6, on dev ipsec0

echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
(assuming that ipsec0 is hooked up to eth0).
Alternatively, you could add net.ipv4.conf.default.rp_filter = 0
to /etc/sysctl.conf

Probably a better idea would be to upgrade from the obsolete
SuperFreeS/WAN to Openswan or Strongswan.

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl


More information about the Users mailing list