[Openswan Users] ICMP redirect disabled but fails verify....
Sven J. van Rooij
sven at digitalcarmel.net
Tue May 19 15:53:26 EDT 2009
My sysctl file says this....
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
#ICMP redirects disabling
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
My files in the according folders are also showing the value 0....
This is what my verify comes up with... should I be worried????
hecking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.4.9/K2.6.18-93.cc4 (netkey)
Checking for IPsec support in kernel [OK]
NETKEY detected, testing for disabled ICMP send_redirects
Please disable /proc/sys/net/ipv4/conf/*/send_redirects
or NETKEY will cause the sending of bogus ICMP redirects!
NETKEY detected, testing for disabled ICMP accept_redirects
Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
or NETKEY will accept bogus ICMP redirects!
Checking for RSA private key (/etc/ipsec.secrets)
ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support
Cannot execute command "which iptables": No such file or directory
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users