[Openswan Users] Openswan-2.6.14 Step by step install procedure
Peter McGill
petermcgill at goco.net
Wed Aug 6 10:20:03 EDT 2008
Sunil,
Openswan is IPSec, not PPTP; they are two distinct VPN technologies.
Perhaps you meant L2TP/IPSec, which uses xl2tpd and Openswan.
If you really want PPTP then try looking at www.poptop.org.
As for your Openswan errors below:
You need oe=off in your config setup section of ipsec.conf to fix
the opportunistic encryption error at the bottom.
As for the other two errors, find the files it mentions.
I.e.: ls /proc/sys/net/ipv4/conf/*/send_redirects
Then: echo 0 > eachfile; this will disable the features/errors.
Peter McGill
IT Systems Analyst
Gra Ham Energy Limited
> -----Original Message-----
> From: users-bounces at openswan.org
> [mailto:users-bounces at openswan.org] On Behalf Of Sunil Bhandarkar
> Sent: August 2, 2008 4:44 AM
> To: users at openswan.org
> Subject: [Openswan Users] Openswan-2.6.14 Step by step
> install procedure
>
> Dear Paul,
>
> I want to install Openswan-2.6.14 software on Oracle linux
> enterprise server using PPTP for roaming users.
> It would be great if you can give the step by step
> installation process for doing the same.
>
>
> I am getting stuck when I do ipsec verify
>
>
> [root at vpnt etc]# ipsec verify
> Checking your system to see if IPsec got installed and
> started correctly:
> Version check and ipsec on-path [OK]
> Linux Openswan U2.6.14/K2.6.18-8.el5xen (netkey)
> Checking for IPsec support in kernel [OK]
> Testing against enforced SElinux mode [OK]
> NETKEY detected, testing for disabled ICMP send_redirects
> [FAILED]
>
> Please disable /proc/sys/net/ipv4/conf/*/send_redirects
> or NETKEY will cause the sending of bogus ICMP redirects!
>
> NETKEY detected, testing for disabled ICMP accept_redirects
> [FAILED]
>
> Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
> or NETKEY will accept bogus ICMP redirects!
>
> Checking for RSA private key (/etc/ipsec.secrets) [OK]
> Checking that pluto is running [OK]
> Two or more interfaces found, checking IP forwarding
> [FAILED]
> Checking for 'ip' command [OK]
> Checking for 'iptables' command [OK]
>
> Opportunistic Encryption DNS checks:
> Looking for TXT in forward dns zone: vpnt.linux.com
> [MISSING]
> Does the machine have at least one non-private address?
> [FAILED]
>
>
> ifconfig for the same.
>
> eth0 Link encap:Ethernet HWaddr 00:0D:60:6E:9E:E4
> inet addr:172.16.10.112 Bcast:172.16.10.255
> Mask:255.255.255.0
> UP BROADCAST MULTICAST MTU:1500 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
> Interrupt:19
>
> eth1 Link encap:Ethernet HWaddr 00:05:5D:4A:5E:7A
> inet addr:202.60.128.215 Bcast:202.60.128.255
> Mask:255.255.255.0
> UP BROADCAST MULTICAST MTU:1500 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
> Interrupt:20 Base address:0xc000
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> inet6 addr: ::1/128 Scope:Host
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:5965 errors:0 dropped:0 overruns:0 frame:0
> TX packets:5965 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:8102452 (7.7 MiB) TX bytes:8102452 (7.7 MiB)
>
> Regards
> Sunil
>
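
Added example, not part of the original message: the "echo 0 > eachfile" step from the reply above, written as a POSIX shell function and run here against a constructed directory tree rather than the real /proc. The function names and the optional root argument are assumptions of this example.

```shell
#!/bin/sh
# count_enabled [ROOT]: print how many send_redirects/accept_redirects
# files under ROOT still hold a non-zero value.
# ROOT defaults to the directory named in the `ipsec verify` output.
count_enabled() {
    root="${1:-/proc/sys/net/ipv4/conf}"
    n=0
    for f in "$root"/*/send_redirects "$root"/*/accept_redirects; do
        [ -e "$f" ] || continue            # glob matched nothing
        [ "$(cat "$f")" = "0" ] || n=$((n + 1))
    done
    echo "$n"
}

# disable_redirects [ROOT]: write 0 to every such file (all, default and
# each interface), print one line per file changed, and return non-zero
# if any file is still enabled afterwards (e.g. not running as root).
disable_redirects() {
    root="${1:-/proc/sys/net/ipv4/conf}"
    for f in "$root"/*/send_redirects "$root"/*/accept_redirects; do
        [ -e "$f" ] || continue
        old=$(cat "$f")
        [ "$old" = "0" ] && continue       # already disabled
        if echo 0 > "$f"; then
            echo "changed $f: $old -> 0"
        fi
    done
    [ "$(count_enabled "$root")" = "0" ]
}

# Demo on a constructed tree (sample data, not a real /proc).
demo=$(mktemp -d)
for i in all default eth0 eth1 lo; do
    mkdir -p "$demo/$i"
    echo 1 > "$demo/$i/send_redirects"
    echo 1 > "$demo/$i/accept_redirects"
done
echo "enabled before: $(count_enabled "$demo")"
disable_redirects "$demo"
echo "enabled after:  $(count_enabled "$demo")"
rm -rf "$demo"
```

On a real host, run disable_redirects as root with no argument and then re-run ipsec verify; values written under /proc/sys last only until the next reboot.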