[Openswan Users] [FAILED] messages
Paul Wouters
paul at xelerance.com
Tue Apr 18 20:11:01 CEST 2006
On Tue, 18 Apr 2006, Can Akalin wrote:
> Linux Openswan U2.4.5/K2.6.13-15-default (netkey)
> NETKEY detected, testing for disabled ICMP send_redirects [FAILED]
>
> Please disable /proc/sys/net/ipv4/conf/*/send_redirects
> or NETKEY will cause the sending of bogus ICMP redirects!
>
> NETKEY detected, testing for disabled ICMP accept_redirects [FAILED]
>
> Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
> or NETKEY will accept bogus ICMP redirects!
> Here is my /etc/sysctl.conf file
> # Disable response to broadcasts.
> # You don't want yourself becoming a Smurf amplifier.
> net.ipv4.icmp_echo_ignore_broadcasts = 1
> # enable route verification on all interfaces
> net.ipv4.conf.all.rp_filter = 1
set to 0
> # enable ipV6 forwarding
> #net.ipv6.conf.all.forwarding = 1
> #Enable routing (IP Forwarding)
> net.ipv4.ip_forward=1
>
> I put 0 instead of 1 at the top two lines and tried that way. But I
> had the same output when I ran ipsec verify.
You need to add entries:
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
Then run sysctl -p (or reboot)
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
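
Added example (not part of the original message and not Openswan's own code): a shell function that reads the same /proc/sys/net/ipv4/conf/*/send_redirects and accept_redirects files named in the ipsec verify output above and prints a sysctl.conf line for each entry that is still non-zero. The name check_redirects and its optional directory argument are assumptions made for this example.

```shell
#!/bin/sh
# check_redirects is a hypothetical helper, not an Openswan command.
# It walks every entry under /proc/sys/net/ipv4/conf/ (all, default and
# each interface) and reports the ICMP redirect settings still enabled.
# An optional argument points it at a copy of the tree instead of /proc.

check_redirects() {
    conf_root="${1:-/proc/sys/net/ipv4/conf}"
    bad=0
    for key in send_redirects accept_redirects; do
        for f in "$conf_root"/*/"$key"; do
            # Skip when the glob matched nothing or the file is unreadable.
            [ -r "$f" ] || continue
            val=$(cat "$f")
            if [ "$val" != "0" ]; then
                iface=$(basename "$(dirname "$f")")
                # Emit the sysctl.conf entry that would disable this setting.
                echo "net.ipv4.conf.$iface.$key = 0"
                bad=$((bad + 1))
            fi
        done
    done
    # Exit status 0 only when no redirect setting is left enabled.
    [ "$bad" -eq 0 ]
}

# Usage on a live system:
#   check_redirects || echo "add the lines above to /etc/sysctl.conf, then run sysctl -p"
```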