[Openswan Users] Problem with networking traffic past the tunnel

Jay Smith me at jayftw.com
Tue Nov 10 18:48:27 EST 2009


Hello,
     Sorry for the delay. Anyway, this is what my /etc/sysctl.conf looks
like now.
--
# Disable response to broadcasts.
# You don't want yourself becoming a Smurf amplifier.
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.ip_forward = 1
# enable route verification on all interfaces
net.ipv4.conf.all.rp_filter = 0
# enable ipV6 forwarding
#net.ipv6.conf.all.forwarding = 1
# increase the number of possible inotify(7) watches
fs.inotify.max_user_watches = 65536
# avoid deleting secondary IPs on deleting the primary IP
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
# when using 1 interface for two networks when using NETKEY, the
# kernel thinks it can be clever by sending a redirect (cause it cannot
# tell an encrypted packet came in, but a decrypted packet came out),
# so it sends a bogus ICMP redirect
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.default.log_martians = 0
--
I rebooted my device and tried to ping out to the other network and still,
no luck. Any thoughts on where this problem can be? I strongly doubt this is
in the IPsec itself, as we can see the other end and the people at the other
end can ping our device (but nothing else). Can it be an iptables issue? Is
there something I need to enable in the kernel? My thoughts are that the
packets are not going from my network through the IPsec tunnel and their
packets can get to our IPsec device but nowhere else in the network. Let me
know; I really want to resolve this.

Sincerely,

Jay




On Wed, Nov 4, 2009 at 6:47 PM, Paul Wouters <paul at xelerance.com> wrote:

> On Wed, 4 Nov 2009, Jay Smith wrote:
>
>> Date: Wed, 4 Nov 2009 11:30:23 -0600
>> From: Jay Smith <me at jayftw.com>
>> Cc: users at openswan.org
>> To: Paul Wouters <paul at xelerance.com>
>> Subject: Re: [Openswan Users] Problem with networking traffic past the tunnel
>>
>> Hello,
>>    It's not there either. I found an /etc/sysctl.conf and it says
>>
>
> Yes. You need to merge the lines I gave you into that file.
>
> Paul
>
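
An added example, not part of the original thread: a shell function that audits the effective per-interface values of the settings in the sysctl.conf posted above. It assumes current Linux kernel semantics, where the effective `rp_filter` for an interface is the maximum of `conf/all` and `conf/<interface>`, and `send_redirects` is enabled if either of the two is set, so a file that only sets the `all` (or `default`) key can leave an existing interface unchanged. The function name `audit_ipsec_sysctl` and its optional root argument are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): audit the values the kernel will
# actually apply per interface, rather than the lines in /etc/sysctl.conf.
# Usage: audit_ipsec_sysctl [root]   (root defaults to /proc/sys)
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_ipsec_sysctl() {
    root="${1:-/proc/sys}"
    conf="$root/net/ipv4/conf"
    findings=0

    # Without forwarding, traffic stops at the gateway itself.
    if [ "$(cat "$root/net/ipv4/ip_forward" 2>/dev/null)" != "1" ]; then
        echo "ip_forward is not 1"
        findings=$((findings + 1))
    fi

    all_rp=$(cat "$conf/all/rp_filter" 2>/dev/null || echo 0)
    all_sr=$(cat "$conf/all/send_redirects" 2>/dev/null || echo 0)

    for dir in "$conf"/*/; do
        [ -d "$dir" ] || continue
        ifname=$(basename "$dir")
        case "$ifname" in all|default) continue ;; esac

        # rp_filter: the kernel takes max(all, interface).
        eff_rp=$(cat "$dir/rp_filter" 2>/dev/null || echo 0)
        if [ "$all_rp" -gt "$eff_rp" ]; then eff_rp=$all_rp; fi
        if [ "$eff_rp" -ne 0 ]; then
            echo "$ifname: effective rp_filter=$eff_rp"
            findings=$((findings + 1))
        fi

        # send_redirects: on if either all or the interface is on.
        if_sr=$(cat "$dir/send_redirects" 2>/dev/null || echo 0)
        if [ "$all_sr" -ne 0 ] || [ "$if_sr" -ne 0 ]; then
            echo "$ifname: send_redirects still enabled"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]
}
```

Run with no argument on the gateway to read the live values under /proc/sys.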