[Openswan Users] [FAILED] messages
Giles
dev.first at digitalchild.co.uk
Thu Apr 12 09:47:11 EDT 2012
Hello,
I found this on the 'net somewhere which fixed this for me.
Run these two as root:
# for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do echo 0 > $f; done
# for f in /proc/sys/net/ipv4/conf/*/send_redirects; do echo 0 > $f; done
Hope that helps,
Giles.
> -----Original Message-----
> From: Jarek Joachimiak [mailto:jaroslaw19 at gmail.com]
> Sent: 12 April 2012 13:28
> To: users at lists.openswan.org
> Subject: [Openswan Users] [FAILED] messages
>
> Hello,
>
> I am trying to start Openswan IPsec 2.6.28.
>
> I have installed the openswan and when I run ipsec verify command i get
> this:
> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path [OK]
> Linux Openswan U2.6.28/K2.6.38-8-generic (netkey)
> Checking for IPsec support in kernel [OK]
> NETKEY detected, testing for disabled ICMP send_redirects [FAILED]
>
> Please disable /proc/sys/net/ipv4/conf/*/send_redirects
> or NETKEY will cause the sending of bogus ICMP redirects!
>
> NETKEY detected, testing for disabled ICMP accept_redirects [FAILED]
>
> Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
> or NETKEY will accept bogus ICMP redirects!
>
> Checking that pluto is running [OK]
> Pluto listening for IKE on udp 500 [OK]
> Pluto listening for NAT-T on udp 4500 [OK]
> Checking for 'ip' command [OK]
> Checking for 'iptables' command [OK]
> Opportunistic Encryption Support [DISABLED]
>
> I changed sysctl.conf and add
> net.ipv4.conf.all.accept_redirects = 0
> net.ipv4.conf.all.accept_send = 0
>
> This is my sysctl.conf file
> #
> # /etc/sysctl.conf - Configuration file for setting system variables # See
> /etc/sysctl.d/ for additional system variables # See sysctl.conf (5) for
> information.
> #
> #kernel.domainname = example.com
> # Uncomment the following to stop low-level messages on console
> #kernel.printk = 3 4 1 3
> net.ipv4.conf.all.rp_filter=1
> net.ipv4.ip_forward=1
> net.ipv4.conf.all.accept_redirects = 0
> net.ipv4.conf.all.send_redirects = 0
> net.ipv4.conf.all.log_martians = 1
>
> I put 1 an 0 everyway when i can but it dosn,t work.
> Can someone help me?
>
> Jarosław Joachmiak
> _______________________________________________
> Users at lists.openswan.org
> https://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-
> 2946327?n=283155
More information about the Users
mailing list