[Openswan Users] Error, tunel up, but error in log

Paul Wouters paul at xelerance.com
Tue Apr 18 22:51:17 CEST 2006

On Tue, 18 Apr 2006, Sergio Bazilio wrote:

> In /var/log/messages/
> ipsec__plutorun: ...could not start conn

I have seen this message now with a few people, even though the con later
starts fine. I am not sure why this is happening for some people.

>   Please disable /proc/sys/net/ipv4/conf/*/send_redirects
>   or NETKEY will cause the sending of bogus ICMP redirects!
>   Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
>   or NETKEY will accept bogus ICMP redirects!

> [root at chattv01 ~]# sysctl -p
> net.ipv4.ip_forward = 1
> net.ipv4.conf.default.rp_filter = 0
> net.ipv4.conf.default.accept_source_route = 0

> net.ipv4.conf.all.accept_redirects = 0
> net.ipv4.conf.all.send_redirects = 0

"default" is not the same as "all". Default policies only apply to new
interfaces, not already existing ones. Also, I have found the "all" be
rather unreliable, and recommend also adding the ones specifying the
ethX interfaces specifically.


More information about the Users mailing list