[Openswan Users] Question on installing Openswan

Gbenga stjames08 at yahoo.co.uk
Tue Jul 1 19:34:23 EDT 2008


Hi Rajitha,
Please make sure to copy the list so that some other folks with the same issue in the future can see the resolution. I made the earlier mistake by not including the list address.
Ofcourse you can use Openswan as xauth server. I have one set up.. works fine.
If you search the list archives you will see solutions on the same problem. You have to enable certain kernel parameters. To remove the errors will do:
echo "0" > /proc/sys/net/ipv4/conf/all/send_redirects
echo "0" > /proc/sys/net/ipv4/conf/default/send_redirects
echo "0" > /proc/sys/net/ipv4/conf/eth0/send_redirects
echo "0" > /proc/sys/net/ipv4/conf/eth1/send_redirects
echo "0" > /proc/sys/net/ipv4/conf/lo/send_redirects
Do the same for  everything under "/proc/sys/net/ipv4/conf/*/accept_redirects"
To get ride of the Opportunistic Encryption DNS checks: You will have to include the following in your /etc/ipsec.conf (preferably at the end of the file)
include /etc/ipsec.d/examples/no_oe.conf
You should read up more from http://wiki.openswan.org

Rgds,
Gbenga
Hi Gbenga,
 
Thanks so much for the immediate response. Truly appreciate it.
 
With full pathname, I could verify if IPSEC is installed properly or not.. although it does give a failure in certain components:
 
[root at rreddy-fc5 openswan-2.6.14]# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                                              [OK]
Linux Openswan U2.6.14/K2.6.19-1.2288.2.4.fc5smp (netkey)
Checking for IPsec support in kernel                                                       [OK]
NETKEY detected, testing for disabled ICMP send_redirects       [FAILED]
 
  Please disable /proc/sys/net/ipv4/conf/*/send_redirects
  or NETKEY will cause the sending of bogus ICMP redirects!
 
NETKEY detected, testing for disabled ICMP accept_redirects     [FAILED]
 
  Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
  or NETKEY will accept bogus ICMP redirects!
 
Checking for RSA private key (/etc/ipsec.secrets)                             [OK]
Checking that pluto is running                                                                    [OK]
Checking for 'ip' command                                                                           [OK]
Checking for 'iptables' command                                                              [OK]
 
Opportunistic Encryption DNS checks:
   Looking for TXT in forward dns zone: rreddy-fc5.mocana.local  [MISSING]
   Does the machine have at least one non-private address?         [FAILED]
 
 
So, I have a question if I can use Openswan as an Xauth server to test my  ipsec XAuth Client? Can you please let me know about it?
 
Thanks again,
Rajitha.
 
From:Gbenga [mailto:stjames08 at yahoo.co.uk] 
Sent: Tuesday, July 01, 2008 3:51 PM
To: Rajitha Reddy
Subject: Re: [Openswan Users] Question on installing Openswan
 
Hi Rajitha,
 
Next time you should provide more details, but it looks like the ipsec binary is not in your path. The way you install Openswan, it will be installed under /usr/local/sbin/ipsec. So you either do one of two things:
 
export PATH=$PATH:/usr/local/bin:/usr/local/sbin
 
or 
 
run ipsec with full pathname e.g /usr/local/sbin/ipsec verify.
 
Rgds,
Gbenga
 
 
Hi,
 
I have a question on installing and configuring Openswan. I would like to use openswan as an XAUTH Server.
 
I have downloaded  openswan-2.6.14.tar.gz onto a linux box (2.6.19-1.2288.2.4.fc5smp). Under the folder openswan-2.6.14, I did the following:
 
1. make programs
2. make install
 
The installation guide then said to verify the installation by:
 
ipsec verify
 
But I get an error as follows:
 
-bash: ipsec: command not found
 
Can you please help me with this?
 
Thanks so much for your time.
 
Regards,
Rajitha.
 

________________________________

Not happy with your email address? 
Get the one you really want - millions of new email addresses available now at Yahoo!


      __________________________________________________________
Not happy with your email address?.
Get the one you really want - millions of new email addresses available now at Yahoo! http://uk.docs.yahoo.com/ymail/new.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20080701/85ec81a9/attachment-0001.html 


More information about the Users mailing list