[Openswan Users] An internal VPN

John John at DMJ-Consultancy.co.uk
Fri Nov 4 09:20:25 CET 2005


Paul Wouters wrote:

>On Thu, 3 Nov 2005, John wrote:
>
>>Thanks, Paul. I've posted the two outputs at www.dmj-consultancy.me.uk/ipsec
>>as text files.
>
>all/rp_filter:1
>default/rp_filter:1
>eth0/rp_filter:1
>eth1/rp_filter:1
>lo/rp_filter:1
>
>You need to disable rp_filter (eg through /etc/sysctl.conf)
>
>+ cat /etc/syslog.conf
>cat: /etc/syslog.conf: No such file or directory
>
>I am not seeing the actual logs because they do not seem to be logged.
>This is odd, did you uninstall the syslog daemon? This causes the
>entire Openswan key exchange to not be logged in a place where 'ipsec
>barf' can find it. So I still can hardly see anything about what is
>going wrong.
>
>Paul
>_______________________________________________
>Users mailing list
>Users at openswan.org
>http://lists.openswan.org/mailman/listinfo/users
'Dump' of sysctl.conf:
# Disable response to broadcasts.
# You don't want yourself becoming a Smurf amplifier.
net.ipv4.icmp_echo_ignore_broadcasts = 1
# enable route verification on all interfaces
net.ipv4.conf.all.rp_filter = 1
# enable ipV6 forwarding
#net.ipv6.conf.all.forwarding = 1

Presumably, I need to set all.rp_filter = 0?

My installation is SuSE 10 'out of the box' so I am not conscious of 
having uninstalled the syslog daemon. Although I have set the firewall 
(in Yast) to allow IPSEC traffic and to be seen as 'same zone as 
original source network', are there any other settings I need to check 
in my firewall, which sees 10.0.0.31 as its external interface?

Thanks

John
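As an added example (not part of the thread, and not Openswan's own tooling): a small POSIX shell helper that reads rp_filter state in the same `iface/rp_filter:value` form Paul quoted from the barf output, lists every entry still enabled, and emits the matching `net.ipv4.conf.<name>.rp_filter = 0` lines for /etc/sysctl.conf. The sample dump is constructed from the values quoted above. One caveat the example encodes: the kernel applies the larger of `conf/all/rp_filter` and `conf/<iface>/rp_filter` to each interface, so setting only `all.rp_filter = 0` while eth0 and eth1 remain at 1 does not actually turn reverse-path filtering off on those interfaces; each enabled entry needs its own line.

```shell
#!/bin/sh
# Added example, not from the thread: find where rp_filter is still on and
# print the sysctl.conf lines that turn it off for Openswan.

# Constructed sample dump, using the values quoted in the thread.
SAMPLE_DUMP='all/rp_filter:1
default/rp_filter:1
eth0/rp_filter:1
eth1/rp_filter:1
lo/rp_filter:1'

# Read dump lines on stdin; print the name (all, default, eth0, ...) of every
# entry whose rp_filter value is not 0, one per line.
rp_filter_enabled() {
    awk -F'[/:]' '$2 == "rp_filter" && $3 != "0" { print $1 }'
}

# Number of enabled entries in the dump passed as $1 ("0" means all clear).
count_enabled() {
    printf '%s\n' "$1" | rp_filter_enabled | wc -l | tr -d ' '
}

# For the dump passed as $1, emit one sysctl.conf line per enabled entry.
# Both 'all' and each real interface need a line: the effective setting for
# an interface is the maximum of conf/all and conf/<iface>.
sysctl_disable_lines() {
    printf '%s\n' "$1" | rp_filter_enabled | while read -r name; do
        printf 'net.ipv4.conf.%s.rp_filter = 0\n' "$name"
    done
}

# Build the same dump format from the running Linux host (/proc only, so
# this does nothing on a system without /proc/sys/net/ipv4).
live_dump() {
    for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
        [ -r "$f" ] || continue
        printf '%s/rp_filter:%s\n' "$(basename "$(dirname "$f")")" "$(cat "$f")"
    done
}
```

On the affected host, `sysctl_disable_lines "$(live_dump)" >> /etc/sysctl.conf` followed by `sysctl -p` writes and applies the lines; `count_enabled "$(live_dump)"` printing `0` afterwards confirms nothing was missed.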

