[Openswan Users] openswan -- Not able to open /proc/sys/crypto/fips_enabled
Tuomo Soini
tis at foobar.fi
Fri Apr 13 14:45:29 EDT 2012
On Thu, 12 Apr 2012 22:51:54 +0400
SVM <svm7 at mail15.com> wrote:
> 12.04.2012 22:31, Ray at truedays.org wrote:
> > Additionally I can't seem to solve the [failed]'s in ipsec verify:
>
> In /etc/sysctl.conf set variables:
>
> net.ipv4.conf.default.accept_redirects = 0
> net.ipv4.conf.default.send_redirects = 0
>
> run "sysctl -p" to apply.
>
> Be sure you used "conf.default.accept_..." instead of
> "conf.all.accept". Keyword ".default.", not ".all."!
No. conf.default is not enough.
You need all these:
# Disable redirects for XFRM (NETKEY) IPsec
net.ipv6.conf.default.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
--
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
More information about the Users
mailing list