[Openswan Users] Installing OpenSwan for the first time

Arjun Datta arjun at greatgulfhomes.com
Wed Mar 12 13:27:32 EDT 2008


Hi Chris,
 
I had a similar problem and I resolved it as follows:
 
Those files are in the proc filesystem and contain a 0 or a 1 for
disabled/enabled.
 
Simply disable the redirects by changing the 0 to a 1 in all of those files.
I used a script that I keep handy because sometimes after reboot or
restarting the network, those files go back to defaults and the redirects
are enabled.
 
After doing that you can check your work by running ipsec verify again.
 
I am not sure if this is the correct way of doing this but I did the above
and my VPN connection seems to work so far.
 
Regards,
 
Arjun Datta
 
-----Original Message-----
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org]On
Behalf Of Chris Thomas
Sent: Wednesday, March 12, 2008 1:07 PM
To: users at openswan.org
Subject: [Openswan Users] Installing OpenSwan for the first time



I am attempting to install OpenSwan on an Ubuntu 7.10 server.  I ran apt-get
install openswan and received the following after running ipsec verify:

 

root at gatekeeper:/home/administrator# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.4.6/K2.6.22-14-server (netkey)
Checking for IPsec support in kernel                            [OK]
NETKEY detected, testing for disabled ICMP send_redirects       [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/send_redirects
  or NETKEY will cause the sending of bogus ICMP redirects!

NETKEY detected, testing for disabled ICMP accept_redirects     [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
  or NETKEY will accept bogus ICMP redirects!

Checking for RSA private key (/etc/ipsec.secrets)               [DISABLED]
  ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running                                  [OK]
Two or more interfaces found, checking IP forwarding            [FAILED]
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]
root at gatekeeper:/home/administrator#

 

I'm not exactly sure how to disable
"/proc/sys/net/ipv4/conf/*/send_redirects" and I'm not sure if everything
else there is OK or not.  It does not match what the wiki tells me I should
have, so I want to address this before I proceed.

 

Thanks in advance,

-Chris
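
An added example, not part of the original thread and not Openswan's own code: a POSIX shell script of the kind the reply describes. It writes 0 (disabled) into every send_redirects and accept_redirects file named in the ipsec verify output, reports any that remain enabled, and prints matching sysctl lines so the setting can be reapplied after a reboot. The function names, the CONF_DIR override and the --apply flag are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumed names: CONF_DIR, --apply,
# and the three function names below.
# CONF_DIR defaults to the path shown in the ipsec verify output; point it at
# a scratch directory to try the functions without root.
CONF_DIR="${CONF_DIR:-/proc/sys/net/ipv4/conf}"

# Print every redirect file under $1 whose value is not 0 (still enabled).
enabled_redirects() {
    for f in "$1"/*/send_redirects "$1"/*/accept_redirects; do
        [ -f "$f" ] || continue
        [ "$(cat "$f")" = "0" ] || echo "$f"
    done
}

# Write 0 (disabled) into every send_redirects/accept_redirects file under $1.
# Returns non-zero if a write failed or any file is still enabled afterwards.
disable_redirects() {
    rc=0
    for f in "$1"/*/send_redirects "$1"/*/accept_redirects; do
        [ -f "$f" ] || continue
        echo 0 > "$f" || rc=1
    done
    [ -z "$(enabled_redirects "$1")" ] || rc=1
    return $rc
}

# Print sysctl.conf-style lines for each interface directory under $1, so the
# values can be reapplied after a reboot or network restart.
# Assumes interface names contain no dots (dots separate sysctl key parts).
persist_lines() {
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        i=$(basename "$d")
        echo "net.ipv4.conf.$i.send_redirects = 0"
        echo "net.ipv4.conf.$i.accept_redirects = 0"
    done
}

if [ "${1:-}" = "--apply" ]; then      # run as root against the live system
    disable_redirects "$CONF_DIR" || {
        echo "still enabled or not writable:" >&2
        enabled_redirects "$CONF_DIR" >&2
    }
    persist_lines "$CONF_DIR"           # review, then append to /etc/sysctl.conf
fi
```

Run it with --apply as root, then run ipsec verify again to confirm both redirect checks pass.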

 

 
