[Openswan Users] Re-2: VPN established, trafic is not encrypted
Paul Wouters
paul at xelerance.com
Tue Sep 4 11:08:26 EDT 2007
On Tue, 4 Sep 2007, Ludovic MARCILLY wrote:
> Checking for IPsec support in kernel [OK]
> NETKEY detected, testing for disabled ICMP send_redirects [FAILED]
>
> Please disable /proc/sys/net/ipv4/conf/*/send_redirects
> or NETKEY will cause the sending of bogus ICMP redirects!
You should fix this sysctl setting.
> Cannot execute command "which iptables": No such file or directory
You might want to install iptables too.
> > > I try to ping 192.168.4.194 from a box in LAN 1 and i see icmp packets from
> > > 192.168.8.193 to 192.168.4.194 on router 1. I think i should not see these
> > > packets since they should be encrypted. Am i right ?
> >
> > Not if you are using NETKEY and not KLIPS. Check with ipsec --version.
>
> Sorry, i have forgotten to say i'm using netkey:
> i know that but i'm seeing packets on the router, not on the gateway. In my router logs, i can see icmp packets.
Show us an "ipsec barf" when the connection is up and running.
Paul
More information about the Users
mailing list