[Openswan Users] Installing OpenSwan for the first time

Chris Thomas cthomas at harkinsbuilders.com
Wed Mar 12 14:11:04 EDT 2008


OK, should I worry about setting the "accept_redirects" in just my
interfaces or do I need to set it in "all", "default" and "lo" as well?

Care to share your script?  :)  I would be most grateful.  I'm still
fumbling my way through Linux, so I'm not sure how to write it myself.

Thanks for the help!

-Chris

From: Arjun Datta [mailto:arjun at greatgulfhomes.com]
Sent: Wednesday, March 12, 2008 1:28 PM
To: Chris Thomas; users at openswan.org
Subject: RE: [Openswan Users] Installing OpenSwan for the first time

Hi Chris,

I had a similar problem and I resolved it as follows:

Those files are in the proc filesystem and contain a 0 or a 1 for
disabled/enabled.

Simply disable the redirects by changing the 0 to a 1 in all of those
files.  I used a script that I keep handy because sometimes after reboot
or restarting the network, those files go back to defaults and the
redirects are enabled.

After doing that you can check your work by running ipsec verify again.

I am not sure if this is the correct way of doing this but I did the
above and my VPN connection seems to work so far.

Regards,

Arjun Datta

-----Original Message-----
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org]On
Behalf Of Chris Thomas
Sent: Wednesday, March 12, 2008 1:07 PM
To: users at openswan.org
Subject: [Openswan Users] Installing OpenSwan for the first time

I am attempting to install OpenSwan on an Ubuntu 7.10 server.  I ran
apt-get install openswan and received the following after running ipsec
verify:

root@gatekeeper:/home/administrator# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.4.6/K2.6.22-14-server (netkey)
Checking for IPsec support in kernel                            [OK]
NETKEY detected, testing for disabled ICMP send_redirects       [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/send_redirects
  or NETKEY will cause the sending of bogus ICMP redirects!

NETKEY detected, testing for disabled ICMP accept_redirects     [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
  or NETKEY will accept bogus ICMP redirects!

Checking for RSA private key (/etc/ipsec.secrets)               [DISABLED]
  ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running                                  [OK]
Two or more interfaces found, checking IP forwarding            [FAILED]
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]
root@gatekeeper:/home/administrator#

I'm not exactly sure how to disable
"/proc/sys/net/ipv4/conf/*/send_redirects" and I'm not sure if
everything else there is OK or not.  It does not match what the wiki
tells me I should have, so I want to address this before I proceed.

Thanks in advance,

-Chris
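
An added example, not Arjun's script or anything posted in the thread: a POSIX shell script that writes 0 (disabled) to every send_redirects and accept_redirects file matched by the /proc/sys/net/ipv4/conf/* glob from the ipsec verify output, which covers "all", "default", "lo" and each interface. The CONF_DIR override, the "apply" argument, the file name in the comment and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). CONF_DIR is an assumed override so the
# functions can be tried against a scratch directory instead of /proc.
CONF_DIR="${CONF_DIR:-/proc/sys/net/ipv4/conf}"

# Write 0 (disabled) to both redirect files for every entry under CONF_DIR:
# all, default, lo and each real interface.
disable_redirects() {
    rc=0
    for dir in "$CONF_DIR"/*/; do
        [ -d "$dir" ] || continue
        for knob in send_redirects accept_redirects; do
            f="${dir}${knob}"
            [ -e "$f" ] || continue
            if ! echo 0 > "$f"; then
                echo "cannot write $f (are you root?)" >&2
                rc=1
            fi
        done
    done
    return $rc
}

# Report each redirect file that is still non-zero on stderr and print the
# number of such files on stdout (0 means ipsec verify should pass this check).
count_enabled() {
    n=0
    for f in "$CONF_DIR"/*/send_redirects "$CONF_DIR"/*/accept_redirects; do
        [ -e "$f" ] || continue
        if [ "$(cat "$f")" != "0" ]; then
            echo "still enabled: $f" >&2
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Hypothetical invocation: sudo sh disable-redirects.sh apply
if [ "${1:-}" = "apply" ]; then
    disable_redirects
    [ "$(count_enabled)" -eq 0 ]
fi
```

The values revert after a reboot or network restart, as the thread notes; entries such as net.ipv4.conf.all.send_redirects = 0 in /etc/sysctl.conf make the same settings persistent.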

 

 
