[Openswan Users] [FAILED] messages

Giles dev.first at digitalchild.co.uk
Thu Apr 12 09:47:11 EDT 2012


Hello,

I found this on the 'net somewhere which fixed this for me.

Run these two as root:

# for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do echo 0 > $f; done
# for f in /proc/sys/net/ipv4/conf/*/send_redirects; do echo 0 > $f; done

Hope that helps,
Giles.

> -----Original Message-----
> From: Jarek Joachimiak [mailto:jaroslaw19 at gmail.com]
> Sent: 12 April 2012 13:28
> To: users at lists.openswan.org
> Subject: [Openswan Users] [FAILED] messages
> 
> Hello,
> 
> I am trying to start Openswan IPsec 2.6.28.
> 
> I have installed Openswan, and when I run the ipsec verify command I get
> this:
> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path                             	[OK]
> Linux Openswan U2.6.28/K2.6.38-8-generic (netkey)
> Checking for IPsec support in kernel                        	[OK]
> NETKEY detected, testing for disabled ICMP send_redirects   	[FAILED]
> 
>   Please disable /proc/sys/net/ipv4/conf/*/send_redirects
>   or NETKEY will cause the sending of bogus ICMP redirects!
> 
> NETKEY detected, testing for disabled ICMP accept_redirects 	[FAILED]
> 
>   Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
>   or NETKEY will accept bogus ICMP redirects!
> 
> Checking that pluto is running                              	[OK]
> Pluto listening for IKE on udp 500                          	[OK]
> Pluto listening for NAT-T on udp 4500                       	[OK]
> Checking for 'ip' command                                   	[OK]
> Checking for 'iptables' command                             	[OK]
> Opportunistic Encryption Support                            	[DISABLED]
> 
> I changed sysctl.conf and added
> net.ipv4.conf.all.accept_redirects = 0
> net.ipv4.conf.all.accept_send = 0
> 
> This is my sysctl.conf file
> #
> # /etc/sysctl.conf - Configuration file for setting system variables
> # See /etc/sysctl.d/ for additional system variables
> # See sysctl.conf (5) for information.
> #
> #kernel.domainname = example.com
> # Uncomment the following to stop low-level messages on console
> #kernel.printk = 3 4 1 3
> net.ipv4.conf.all.rp_filter=1
> net.ipv4.ip_forward=1
> net.ipv4.conf.all.accept_redirects = 0
> net.ipv4.conf.all.send_redirects = 0
> net.ipv4.conf.all.log_martians = 1
> 
> I put 1 and 0 every way I can but it doesn't work.
> Can someone help me?
> 
> Jarosław Joachmiak
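
Added example, not part of either message above: the check quoted in the question covers every entry under /proc/sys/net/ipv4/conf/*, while the sysctl.conf shown sets only the "all" entries. This script lists the entries that are still non-zero and prints matching sysctl.conf lines so the fix can be made persistent. The function names and the CONF_ROOT variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example. CONF_ROOT is a name chosen here; it defaults to the
# tree named in the ipsec verify output and can be overridden for testing.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Print one "iface key value" line for every per-interface
# send_redirects / accept_redirects entry that is not 0.
redirects_enabled() {
    root="${1:-$CONF_ROOT}"
    for key in send_redirects accept_redirects; do
        for f in "$root"/*/"$key"; do
            [ -r "$f" ] || continue            # unmatched glob or unreadable
            val=$(cat "$f" 2>/dev/null) || continue
            [ "$val" = "0" ] && continue       # already disabled
            iface=$(basename "$(dirname "$f")")
            printf '%s %s %s\n' "$iface" "$key" "$val"
        done
    done
}

# Turn the findings into sysctl.conf lines. This includes "default",
# which the kernel uses to initialise interfaces created later.
persist_lines() {
    redirects_enabled "$1" | while read -r iface key rest; do
        printf 'net.ipv4.conf.%s.%s = 0\n' "$iface" "$key"
    done
}

# Report on the live system (read-only).
redirects_enabled
```

Writing 0 into /proc as in the reply takes effect immediately but is lost at reboot; the lines from persist_lines can be added to /etc/sysctl.conf and loaded with "sysctl -p".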
