[Openswan Users] [FAILED] messages

Can Akalin canakalin77 at gmail.com
Tue Apr 18 13:22:34 CEST 2006

Hello all,

I am trying to start openswan v.2.4.5 on a Suse Linux 10 machine, kernel

I have installed the openswan and when I run ipsec verify command, here is
what I get;

linuxlaptop:/usr/local/src/openswan-2.4.5 # /usr/local/sbin/ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.4.5/K2.6.13-15-default (netkey)
Checking for IPsec support in kernel                            [OK]
NETKEY detected, testing for disabled ICMP send_redirects       [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/send_redirects
  or NETKEY will cause the sending of bogus ICMP redirects!

NETKEY detected, testing for disabled ICMP accept_redirects     [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
  or NETKEY will accept bogus ICMP redirects!

Checking for RSA private key (/etc/ipsec.secrets)               [OK]
Checking that pluto is running                                  [OK]
Two or more interfaces found, checking IP forwarding            [OK]
Checking NAT and MASQUERADEing                                  [OK]
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Checking for 'curl' command for CRL fetching                    [OK]
Opportunistic Encryption Support                                [DISABLED]
linuxlaptop:/usr/local/src/openswan-2.4.5 #

I read an explanation regarding the same issue on the openswanlist that was
written by Paul and there he says that :

"You might want to edit those in /etc/sysctl.conf to disable those redirects"

 Here is my /etc/sysctl.conf file

# Disable response to broadcasts.
# You don't want yourself becoming a Smurf amplifier.
net.ipv4.icmp_echo_ignore_broadcasts = 1
# enable route verification on all interfaces
net.ipv4.conf.all.rp_filter = 1
# enable ipV6 forwarding
#net.ipv6.conf.all.forwarding = 1
#Enable routing (IP Forwarding)

I put 0 instead of 1 at the top 2 two lines and tried that way. But I
had the same output when I run ipsec verify.

Anyone can help me?

Thank you very much.

Can Akalin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20060418/42fe0a00/attachment.htm

More information about the Users mailing list