[Openswan Users] NAT on openswan

Bruno Monconduit bruno.monconduit at googlemail.com
Mon May 11 09:17:23 EDT 2009


Hi all,
I need some help setting up NAT on an Openswan VPN tunnel.
Here is the network topology:

subnet          Openswan      Gateway/Firewall
10.1.70.0 ----10.1.70.20-----10.1.70.1

81.255.123.xxx----------------------62.134.128.xxx---172.20.1.0/24

The virtual subnet on our side is 192.168.130.0/24.
So we need to translate 192.168.130.0 into 10.1.70.0.
Openswan is the DMZ. I managed to get the SA established, but I cannot ping
any IP on the other side of the tunnel.

Starting the channel:
ipsec auto --up test
117 "hero" #3: STATE_QUICK_I1: initiate
004 "hero" #3: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP/NAT=>0xab57a38f <0x4630949b xfrm=3DES_0-HMAC_SHA1 NATD=none DPD=none}

/var/log/auth.log
May 11 14:46:15 bruno pluto[32078]: | 192.168.130.0/24===10.1.70.20[81.255.123.xxx]...62.134.128.xxx===172.20.1.0/24
May 11 14:46:15 bruno pluto[32078]: | ike_life: 86400s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: PSK+ENCRYPT+TUNNEL+PFS
May 11 14:46:15 bruno pluto[32078]: | next event EVENT_PENDING_PHASE2 in 119 seconds
(....)
May 11 14:46:24 bruno pluto[32078]: | inserting event EVENT_SA_REPLACE, timeout in 28213 seconds for #2
May 11 14:46:24 bruno pluto[32078]: "hero" #2: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP/NAT=>0x29f6e927 <0xdd14ef5e xfrm=3DES_0-HMAC_SHA1 NATD=none DPD=none}

ipsec verify

Version check and ipsec on-path                                 [OK]
Linux Openswan U2.4.12/K2.6.27-11-generic (netkey)
Checking for IPsec support in kernel                            [OK]
NETKEY detected, testing for disabled ICMP send_redirects       [OK]
NETKEY detected, testing for disabled ICMP accept_redirects     [OK]
Checking for RSA private key (/etc/ipsec.secrets)               [DISABLED]
  ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running                                  [OK]
Two or more interfaces found, checking IP forwarding            [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]

I suspect a routing misconfiguration:

/etc/ipsec.conf
config setup
        interfaces=%defaultroute
        plutodebug = "all"
        klipsdebug = "all"
        nat_traversal=yes
->     virtual_private=%v4:10.0.0.0/8,%v4:192.168.130.0/16 <-
# I could not find any documentation on this line

conn test
        type=tunnel
        authby=secret
        ike=3des-sha1-modp1024
        esp=3des-sha1
        pfsgroup=modp1024
        keyexchange=ike
        pfs=yes
        ikelifetime=86400s
        rekey=yes
        compress=no
        aggrmode=no
        forceencaps=yes
        left=10.1.70.20
        leftsourceip=10.1.70.20
        leftid=81.255.123.xxx
        leftsubnet=192.168.130.0/24
        right=62.134.128.xxx
        rightsubnet=172.20.1.0/24
        auto=start

ipsec eroute
/usr/lib/ipsec/eroute: NETKEY does not support eroute table.


/var/run/ipsec.log
defaultroutephys=eth0
defaultroutevirt=ipsec0
defaultrouteaddr=10.1.70.20
defaultroutenexthop=10.1.70.1

Below is the routing table:

iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             bruno-laptop-cadexpert.local udp dpt:isakmp
ACCEPT     ah   --  anywhere             bruno-laptop-cadexpert.local
ACCEPT     esp  --  anywhere             bruno-laptop-cadexpert.local
ACCEPT     all  --  anywhere             bruno-laptop-cadexpert.local

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
And the active connections:

netstat -nvl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:7634          0.0.0.0:*               LISTEN
tcp        0      0 10.1.70.20:22           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
udp        0      0 127.0.0.1:4500          0.0.0.0:*
udp        0      0 10.1.70.20:4500         0.0.0.0:*
udp        0      0 192.168.53.1:4500       0.0.0.0:*
udp        0      0 172.16.99.1:4500        0.0.0.0:*
udp        0      0 0.0.0.0:44624           0.0.0.0:*
udp        0      0 0.0.0.0:5353            0.0.0.0:*
udp        0      0 127.0.0.1:500           0.0.0.0:*
udp        0      0 10.1.70.20:500          0.0.0.0:*
udp        0      0 192.168.53.1:500        0.0.0.0:*
udp        0      0 172.16.99.1:500         0.0.0.0:*
raw        0      0 0.0.0.0:1               0.0.0.0:*               7

ipsec setup start

/var/log/syslog
kernel: [318747.829461] Initializing XFRM netlink socket
-> May 11 14:06:28  NETKEY on eth0 10.1.70.20/255.255.254.0 broadcast 192.168.0.255
May 11 14:06:28  ipsec_setup: ...Openswan IPsec started
May 11 14:06:28  ipsec_setup: Starting Openswan IPsec 2.4.12..

The broadcast seems to be wrong (192.168.*0*.255)?
Any help would be very much appreciated.
Regards,
Bruno


(sysctl -a | grep ipv4)
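
Added example, not part of the original post and not Openswan code: a Python sanity check of the addresses quoted above. It flags virtual_private entries that are not aligned CIDR networks, computes the broadcast address that belongs to the eth0 address and netmask in the syslog line, and tests whether a packet falls inside the tunnel's traffic selectors. The peer host 172.20.1.10 and the one-to-one mapping of 10.1.70.0/24 onto 192.168.130.0/24 are assumptions made for illustration.

```python
import ipaddress

# Values copied from the post; the peer host 172.20.1.10 is constructed.
VIRTUAL_PRIVATE = "%v4:10.0.0.0/8,%v4:192.168.130.0/16"
LEFTSUBNET, RIGHTSUBNET = "192.168.130.0/24", "172.20.1.0/24"
ETH0_ADDR, ETH0_MASK, LOGGED_BCAST = "10.1.70.20", "255.255.254.0", "192.168.0.255"
REAL_LAN = "10.1.70.0/24"  # assumption: the LAN range to be mapped 1:1


def misaligned_entries(virtual_private):
    """Return (entry, enclosing network) for CIDRs that have host bits set."""
    bad = []
    for item in virtual_private.split(","):
        cidr = item.strip().split(":", 1)[1].lstrip("!")  # drop %v4: and any !
        try:
            ipaddress.ip_network(cidr, strict=True)
        except ValueError:
            bad.append((cidr, str(ipaddress.ip_network(cidr, strict=False))))
    return bad


def expected_broadcast(addr, mask):
    """Broadcast address implied by an interface address and netmask."""
    return str(ipaddress.ip_interface(f"{addr}/{mask}").network.broadcast_address)


def matches_tunnel(src, dst, left=LEFTSUBNET, right=RIGHTSUBNET):
    """True if the packet's addresses fall inside the negotiated selectors."""
    return (ipaddress.ip_address(src) in ipaddress.ip_network(left)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(right))


def map_one_to_one(addr, real_net=REAL_LAN, virtual_net=LEFTSUBNET):
    """Map addr to the same host offset in virtual_net (1:1 subnet NAT)."""
    real, virt = ipaddress.ip_network(real_net), ipaddress.ip_network(virtual_net)
    if real.prefixlen != virt.prefixlen:
        raise ValueError("1:1 mapping needs equal prefix lengths")
    ip = ipaddress.ip_address(addr)
    if ip not in real:
        raise ValueError(f"{addr} is outside {real_net}")
    return str(virt.network_address + (int(ip) - int(real.network_address)))


if __name__ == "__main__":
    for cidr, net in misaligned_entries(VIRTUAL_PRIVATE):
        print(f"virtual_private: {cidr} has host bits set; the network is {net}")
    want = expected_broadcast(ETH0_ADDR, ETH0_MASK)
    print(f"eth0 broadcast: logged {LOGGED_BCAST}, netmask implies {want}")
    peer = "172.20.1.10"
    for src in (ETH0_ADDR, map_one_to_one(ETH0_ADDR)):
        verdict = "matches" if matches_tunnel(src, peer) else "does not match"
        print(f"{src} -> {peer} {verdict} {LEFTSUBNET}==={RIGHTSUBNET}")
```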