[Openswan Users] Wrong conf ipsec
Paul Wouters
paul at xelerance.com
Mon Feb 23 12:41:36 EST 2009
On Mon, 23 Feb 2009, ALAEDDINE abbech wrote:
> I restart the ipsec service and I run (#ipsec auto --up test) on both hosts
> I have this message:
> 117 "test" #14: STATE_QUICK_I1: initiate
> 004 "test" #14: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0x11aed5dd <0xeabdc300
> xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=none}
Looks good.
> and #ipsec setup status
> IPsec running - pluto pid: 3963
> pluto pid 3963
> No tunnels up
You are using netkey, and the ipsec setup status command only works for klips.
Check using:
    ip xfrm policy
    ip xfrm state
> I do #ipsec verify
> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path [OK]
> Linux Openswan U2.6.14/K2.6.18-92.1.10.el5 (netkey)
> Checking for IPsec support in kernel [OK]
> NETKEY detected, testing for disabled ICMP send_redirects [FAILED]
>
> Please disable /proc/sys/net/ipv4/conf/*/send_redirects
> or NETKEY will cause the sending of bogus ICMP redirects!
See /etc/ipsec.d/examples/sysctl.conf and merge it with /etc/sysctl.conf
Paul
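
Added example, not part of the original message and not Openswan's own code: a small shell check for the send_redirects failure that ipsec verify reports above. It lists every entry under /proc/sys/net/ipv4/conf that still has send_redirects enabled and prints the lines to merge into /etc/sysctl.conf. The function name redirect_fixes and its optional directory argument (used to test against a constructed tree) are assumptions made for this example.

```sh
#!/bin/sh
# Print a sysctl.conf line for every interface entry whose send_redirects
# is still non-zero. With no argument the live /proc tree is read; a
# directory argument (hypothetical, for offline testing) replaces it.
redirect_fixes() {
    root="${1:-/proc/sys/net/ipv4/conf}"
    for f in "$root"/*/send_redirects; do
        # Skip when the glob matched nothing or the file is unreadable.
        if [ ! -r "$f" ]; then
            continue
        fi
        val=""
        read -r val < "$f" || true
        if [ "$val" = "0" ]; then
            continue
        fi
        iface=$(basename "$(dirname "$f")")
        # Slash-separated key form, which sysctl(8) accepts in place of dots.
        printf 'net/ipv4/conf/%s/send_redirects = 0\n' "$iface"
    done
    return 0
}

# Stand-alone use: report on the running system (or on the directory given).
redirect_fixes "$@"
```

No output means every entry, including "all" and "default", already has send_redirects set to 0.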