[Openswan Users] Installing OpenSwan for the first time

Peter McGill petermcgill at goco.net
Wed Mar 12 13:33:47 EDT 2008


That is how you enable and disable the /proc settings.
 
One thing for sure you need to address is:
> Two or more interfaces found, checking IP forwarding            [FAILED]

You can fix this by:

echo "1" > /proc/sys/net/ipv4/ip_forward

You'll also need to add that line to your system startup scripts,
so that it gets set again after a reboot.

 
Peter McGill
 


  _____  

From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On Behalf Of Arjun Datta
Sent: March 12, 2008 1:28 PM
To: 'Chris Thomas'; users at openswan.org
Subject: Re: [Openswan Users] Installing OpenSwan for the first time


Hi Chris,
 
I had a similar problem and I resolved it as follows:
 
Those files are in the proc filesystem and contain a 0 or a 1 for disabled/enabled.
 
Simply disable the redirects by changing the 0 to a 1 in all of those files.  I used a script that I keep handy because sometimes
after reboot or restarting the network, those files go back to defaults and the redirects are enabled.
 
After doing that you can check your work by running ipsec verify again.
 
I am not sure if this is the correct way of doing this but I did the above and my VPN connection seems to work so far.
 
Regards,
 
Arjun Datta
 
-----Original Message-----
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org]On Behalf Of Chris Thomas
Sent: Wednesday, March 12, 2008 1:07 PM
To: users at openswan.org
Subject: [Openswan Users] Installing OpenSwan for the first time



I am attempting to install OpenSwan on an Ubuntu 7.10 server.  I ran apt-get install openswan and received the following after
running ipsec verify:

 

root@gatekeeper:/home/administrator# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.4.6/K2.6.22-14-server (netkey)
Checking for IPsec support in kernel                            [OK]
NETKEY detected, testing for disabled ICMP send_redirects       [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/send_redirects
  or NETKEY will cause the sending of bogus ICMP redirects!

NETKEY detected, testing for disabled ICMP accept_redirects     [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
  or NETKEY will accept bogus ICMP redirects!

Checking for RSA private key (/etc/ipsec.secrets)               [DISABLED]
  ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running                                  [OK]
Two or more interfaces found, checking IP forwarding            [FAILED]
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]
root@gatekeeper:/home/administrator#

 

I'm not exactly sure how to disable "/proc/sys/net/ipv4/conf/*/send_redirects" and I'm not sure if everything else there is OK or
not.  It does not match what the wiki tells me I should have, so I want to address this before I proceed.

 

Thanks in advance,

-Chris
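
The settings discussed in this thread, collected into one script as an added example (not code from any of the posters or from Openswan): it writes 0 to the send_redirects and accept_redirects files that ipsec verify asks to have disabled, writes 1 to ip_forward as in Peter's reply, then re-reads every value. The function names, the --apply switch and the PROC_ROOT override are assumptions of this example.

```shell
#!/bin/sh
# Added example: apply and re-check the /proc settings flagged by `ipsec verify`.
# PROC_ROOT is an assumption of this example; it defaults to the live /proc and
# can point at a scratch copy of the tree for a dry run.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Write 0 to every per-interface redirect file and 1 to ip_forward.
apply_ipsec_proc_settings() {
    ap_root="${1:-$PROC_ROOT}"
    for ap_f in "$ap_root"/sys/net/ipv4/conf/*/send_redirects \
                "$ap_root"/sys/net/ipv4/conf/*/accept_redirects; do
        [ -e "$ap_f" ] || continue      # glob matched nothing
        echo 0 > "$ap_f" || return 1
    done
    echo 1 > "$ap_root/sys/net/ipv4/ip_forward"
}

# Print every file whose value is not what ipsec verify expects.
# Returns 0 when all values are correct, 1 otherwise.
check_ipsec_proc_settings() {
    ck_root="${1:-$PROC_ROOT}"
    ck_bad=0
    for ck_f in "$ck_root"/sys/net/ipv4/conf/*/send_redirects \
                "$ck_root"/sys/net/ipv4/conf/*/accept_redirects; do
        [ -e "$ck_f" ] || continue
        if [ "$(cat "$ck_f")" != "0" ]; then
            echo "redirects still enabled: $ck_f"
            ck_bad=1
        fi
    done
    if [ "$(cat "$ck_root/sys/net/ipv4/ip_forward" 2>/dev/null)" != "1" ]; then
        echo "forwarding disabled: $ck_root/sys/net/ipv4/ip_forward"
        ck_bad=1
    fi
    return "$ck_bad"
}

# Run as root with --apply, e.g. from a startup script, so the values are
# set again after a reboot or network restart.
if [ "${1:-}" = "--apply" ]; then
    apply_ipsec_proc_settings && check_ipsec_proc_settings
fi
```

A non-zero exit status from the check lists the files that still need changing before ipsec verify is run again.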

 

 
