[Openswan Users] Error, tunel up, but error in log
Paul Wouters
paul at xelerance.com
Tue Apr 18 22:51:17 CEST 2006
On Tue, 18 Apr 2006, Sergio Bazilio wrote:
> In /var/log/messages/
>
> ipsec__plutorun: ...could not start conn
I have seen this message now with a few people, even though the conn later
starts fine. I am not sure why this is happening for some people.
> Please disable /proc/sys/net/ipv4/conf/*/send_redirects
> or NETKEY will cause the sending of bogus ICMP redirects!
>
> Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
> or NETKEY will accept bogus ICMP redirects!
> [root@chattv01 ~]# sysctl -p
> net.ipv4.ip_forward = 1
> net.ipv4.conf.default.rp_filter = 0
> net.ipv4.conf.default.accept_source_route = 0
> net.ipv4.conf.all.accept_redirects = 0
> net.ipv4.conf.all.send_redirects = 0
"default" is not the same as "all". Default policies only apply to new
interfaces, not already existing ones. Also, I have found the "all" to be
rather unreliable, and recommend also adding the ones specifying the
ethX interfaces specifically.
Paul
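
An added example, not part of the original message: a POSIX shell function that walks the per-interface entries under /proc/sys/net/ipv4/conf and prints a sysctl line for every send_redirects or accept_redirects value that is still non-zero, covering "all", "default" and each existing interface. The function name redirect_fixes and the CONF_ROOT variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit ICMP redirect settings for every interface entry.
# CONF_ROOT (assumed name) defaults to the live kernel tree; pass another
# directory as the first argument to audit a copy or a mock tree.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Print "net.ipv4.conf.<iface>.<key> = 0" for each entry whose current
# value is not 0. Entries that are already 0 produce no output.
redirect_fixes() {
    root="${1:-$CONF_ROOT}"
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        # sysctl uses '.' as the key separator, so a '.' inside an
        # interface name (VLANs such as eth1.100) is written as '/'.
        name=$(printf '%s' "$iface" | tr '.' '/')
        for key in send_redirects accept_redirects; do
            file="$dir$key"
            [ -r "$file" ] || continue
            val=$(cat "$file")
            if [ "$val" != "0" ]; then
                printf 'net.ipv4.conf.%s.%s = 0\n' "$name" "$key"
            fi
        done
    done
}
```

Calling redirect_fixes with no argument reads the live /proc tree; the lines it prints can be reviewed and then added to /etc/sysctl.conf.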