[Openswan Users] Re-2: VPN established, trafic is not encrypted

Paul Wouters paul at xelerance.com
Tue Sep 4 11:08:26 EDT 2007

On Tue, 4 Sep 2007, Ludovic MARCILLY wrote:

> Checking for IPsec support in kernel                            [OK]
> NETKEY detected, testing for disabled ICMP send_redirects       [FAILED]
>   Please disable /proc/sys/net/ipv4/conf/*/send_redirects
>   or NETKEY will cause the sending of bogus ICMP redirects!

You should fix this sysctl setting.

>   Cannot execute command "which iptables": No such file or directory

You might want to install iptables too.

> > > I try to ping from a box in LAN 1 and i see icmp packets from
> > > to on router 1. I think i should not see these
> > > packets since they should be encrypted. Am i right ?
> >
> > Not if you are using NETKEY and not KLIPS. Check with ipsec --version.
> Sorry, i have forgotten to say i'm using netkey:

> i know that but i'm seeing packets on the router, not on the gateway. In my router logs, i can see icmp packets.

Show us an "ipsec barf" when the connection is up and running.


More information about the Users mailing list