[Openswan Users] [FAILED] messages

Jarek Joachimiak jaroslaw19 at gmail.com
Thu Apr 12 08:27:50 EDT 2012


I am trying to start Openswan IPsec 2.6.28.

I have installed the openswan and when I run ipsec verify command i get this:
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                             	[OK]
Linux Openswan U2.6.28/K2.6.38-8-generic (netkey)
Checking for IPsec support in kernel                        	[OK]
NETKEY detected, testing for disabled ICMP send_redirects   	[FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/send_redirects
  or NETKEY will cause the sending of bogus ICMP redirects!

NETKEY detected, testing for disabled ICMP accept_redirects 	[FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
  or NETKEY will accept bogus ICMP redirects!

Checking that pluto is running                              	[OK]
Pluto listening for IKE on udp 500                          	[OK]
Pluto listening for NAT-T on udp 4500                       	[OK]
Checking for 'ip' command                                   	[OK]
Checking for 'iptables' command                             	[OK]
Opportunistic Encryption Support                            	[DISABLED]

I changed sysctl.conf and add
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.accept_send = 0

This is my sysctl.conf file
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables
# See sysctl.conf (5) for information.
#kernel.domainname = example.com
# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.log_martians = 1

I put 1 an 0 everyway when i can but it dosn,t work.
Can someone help me?

Jarosław Joachmiak

More information about the Users mailing list