[Openswan Users] ICMP redirect disabled but fails verify....

Sven J. van Rooij sven at digitalcarmel.net
Tue May 19 15:53:26 EDT 2009

My sysctl file says this....



# Do not accept source routing

net.ipv4.conf.default.accept_source_route = 0


# Controls the System Request debugging functionality of the kernel

kernel.sysrq = 0


# Controls whether core dumps will append the PID to the core filename.

# Useful for debugging multi-threaded applications.

kernel.core_uses_pid = 1



#ICMP redirects disabling

net.ipv4.conf.all.accept_redirects = 0

net.ipv4.conf.all.send_redirects = 0


My files in the according folders are also showing the value 0....


This is what my verify comes up with... should I be worried????


hecking your system to see if IPsec got installed and started correctly:

Version check and ipsec on-path                                   [OK]

Linux Openswan U2.4.9/K2.6.18-93.cc4 (netkey)

Checking for IPsec support in kernel                              [OK]

NETKEY detected, testing for disabled ICMP send_redirects


  Please disable /proc/sys/net/ipv4/conf/*/send_redirects

  or NETKEY will cause the sending of bogus ICMP redirects!


NETKEY detected, testing for disabled ICMP accept_redirects


  Please disable /proc/sys/net/ipv4/conf/*/accept_redirects

  or NETKEY will accept bogus ICMP redirects!


Checking for RSA private key (/etc/ipsec.secrets)

  ipsec showhostkey: no default key in "/etc/ipsec.secrets"

Checking that pluto is running                                    [OK]

Two or more interfaces found, checking IP forwarding              [OK]

Checking NAT and MASQUERADEing                              

Checking for 'ip' command                                         [OK]

Checking for 'iptables' command                                   [OK]

Opportunistic Encryption Support

  Cannot execute command "which iptables": No such file or directory

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20090519/3561d102/attachment.html 

More information about the Users mailing list