[Openswan Users] ipsec verify question

Arjun Datta arjun at greatgulfhomes.com
Wed Jan 30 14:37:14 EST 2008

Hi Folks,

#ipsec verify gives me the following

[root at fw etc]# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.4.7/K2.6.23.12-52.fc7 (netkey)
Checking for IPsec support in kernel                            [OK]
NETKEY detected, testing for disabled ICMP send_redirects       [OK]
NETKEY detected, testing for disabled ICMP accept_redirects     [OK]
Checking for RSA private key (/etc/ipsec.d/hostkey.secrets)     [OK]
Checking that pluto is running                                  [OK]
Two or more interfaces found, checking IP forwarding            [OK]
Checking NAT and MASQUERADEing                                  [N/A]
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]

NAT and MASQ'ing is N/A - how can I correct this ?  More importantly, is
this what would prevent me from being able to ping the subnet behind this
end of the tunnel from the other side ?

My ipsec tunnel is up and running, I think, as evidenced by this output from
ipsec auto --status:
000 #7: "conn_name":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established);
EVENT_SA_REPLACE in 3279s; newest ISAKMP; nodpd


Arjun Datta
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20080130/f06c5777/attachment.html 

More information about the Users mailing list