[Openswan Users] Two or more interfaces found, checking IP forwarding [FAILED]

users-bounces at lists.openswan.org users-bounces at lists.openswan.org
Sat Aug 3 11:54:36 UTC 2013


Rescued from the Spam bucket.  Please remember to subscribe to the mailing list before posting to it.


From: "Mikael Hagstrom" <mikael at hagstroem.net>
Subject: Re: [Openswan Users] Two or more interfaces found, checking IP forwarding [FAILED]
Date: 3 August, 2013 7:35:28 AM EDT
To: "Leto" <letoams at gmail.com>
Cc: "users at lists.openswan.org" <users at lists.openswan.org>


Hi Leto,

Thank you very much for your reply. I'm still facing issues, though. I'm able to connect to the VPN server if I'm on my local network, but when I try to connect over the internet I get the output below in auth.log and then the connection fails. I have also added part of my sysctl.conf file below. Is there something else I need to configure to allow connections from the internet to the VPN server? I'm running Ubuntu 13.04.

tail /var/log/auth.log
Aug  3 13:30:32 M1 pluto[4263]: "L2TP-PSK-NAT"[10] 178.197.236.245 #11: the peer proposed: 84.75.161.88/32:17/1701 -> 10.246.181.156/32:17/0
Aug  3 13:30:32 M1 pluto[4263]: "L2TP-PSK-NAT"[10] 178.197.236.245 #11: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
Aug  3 13:30:32 M1 pluto[4263]: "L2TP-PSK-NAT"[10] 178.197.236.245 #12: responding to Quick Mode proposal {msgid:72a62b9d}
Aug  3 13:30:32 M1 pluto[4263]: "L2TP-PSK-NAT"[10] 178.197.236.245 #12:     us: 10.0.1.8<10.0.1.8>:17/1701
Aug  3 13:30:32 M1 pluto[4263]: "L2TP-PSK-NAT"[10] 178.197.236.245 #12:   them: 178.197.236.245[10.246.181.156]:17/65528===10.246.181.156/32
Aug  3 13:30:32 M1 pluto[4263]: "L2TP-PSK-NAT"[10] 178.197.236.245 #12: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Aug  3 13:30:32 M1 pluto[4263]: "L2TP-PSK-NAT"[10] 178.197.236.245 #12: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Aug  3 13:30:32 M1 pluto[4263]: "L2TP-PSK-NAT"[10] 178.197.236.245 #12: Dead Peer Detection (RFC 3706): enabled
Aug  3 13:30:32 M1 pluto[4263]: "L2TP-PSK-NAT"[10] 178.197.236.245 #12: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Aug  3 13:30:32 M1 pluto[4263]: "L2TP-PSK-NAT"[10] 178.197.236.245 #12: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x02e4dc9d <0x633607c3 xfrm=AES_256-HMAC_SHA1 NATOA=10.246.181.156 NATD=178.197.236.245:19301 DPD=en}

My sysctl.conf file contains the following:
net.ipv4.conf.default.send_redirects=0
net.ipv4.conf.all.send_redirects=0
#net.ipv4.conf.eth0.send_redirects=0
#net.ipv4.conf.eth1.send_redirects=0
#net.ipv4.conf.lo.send_redirects=0
#net.ipv4.conf.wlan0.send_redirects=0
net.ipv4.conf.default.accept_redirects=0
net.ipv4.conf.all.accept_redirects=0
#net.ipv4.conf.eth0.accept_redirects=0
#net.ipv4.conf.eth1.accept_redirects=0
#net.ipv4.conf.lo.accept_redirects=0
#net.ipv4.conf.wlan0.accept_redirects=0

net.ipv4.ip_forward = 1

On Jul 12, 2013 14:58 "Leto" <letoams at gmail.com> wrote:

> It is a bug in the old Perl version of the 'ipsec verify' command. Ignore it.
> 
> sent from a tiny device 
> 
> On 2013-07-12, at 8:12, Patrick Naubert <patrickn at xelerance.com> wrote:
> 
>> Rescued from the Spam bucket.  Please remember to subscribe to the mailing list before posting to it.
>> 
>> 
>> From: "Mikael Hagstrom" <mikael at hagstroem.net>
>> Subject: Two or more interfaces found, checking IP forwarding [FAILED]
>> Date: 10 July, 2013 3:02:47 PM EDT
>> To: users at lists.openswan.org
>> 
>> 
>> Hi,
>> 
>> I'm trying to configure Openswan on Ubuntu 13.04. I get "Two or more interfaces found, checking IP forwarding            [FAILED]" when I run "ipsec verify". I have tried adding
>> 
>> net.ipv4.conf.*.send_redirects=0
>> net.ipv4.conf.*.accept_redirects=0
>> 
>> for all my network interfaces and set net.ipv4.ip_forward = 1 but I still get the error message. I don't know what I'm doing wrong and any help would be very welcome.
>> 
>> Regards,
>> 
>> Mikael
>> 
>> --------ls /proc/sys/net/ipv4/conf/------
>> all  default  eth0  eth1  lo  wlan0
>> -----------------------------------------
>> 
>> -----ipsec verify------
>> Checking your system to see if IPsec got installed and started correctly:
>> Version check and ipsec on-path                                 [OK]
>> Linux Openswan U2.6.38/K3.8.0-26-generic (netkey)
>> Checking for IPsec support in kernel                            [OK]
>>  SAref kernel support                                           [N/A]
>>  NETKEY:  Testing XFRM related proc values                      [OK]
>>     [OK]
>>     [OK]
>> Checking that pluto is running                                  [OK]
>>  Pluto listening for IKE on udp 500                             [OK]
>>  Pluto listening for NAT-T on udp 4500                          [OK]
>> Two or more interfaces found, checking IP forwarding            [FAILED]
>> Checking NAT and MASQUERADEing                                  [OK]
>> Checking for 'ip' command                                       [OK]
>> Checking /bin/sh is not /bin/dash                               [WARNING]
>> Checking for 'iptables' command                                 [OK]
>> Opportunistic Encryption Support                                [DISABLED]
>> --------------------------------
>> 
>> 
>> -----/etc/sysctl.conf-----
>> 
>> # IPSec Verify Compliant
>> net.ipv4.conf.default.send_redirects=0
>> net.ipv4.conf.all.send_redirects=0
>> net.ipv4.conf.eth0.send_redirects=0
>> net.ipv4.conf.eth1.send_redirects=0
>> net.ipv4.conf.lo.send_redirects=0
>> net.ipv4.conf.wlan0.send_redirects=0
>> net.ipv4.conf.default.accept_redirects=0
>> net.ipv4.conf.all.accept_redirects=0
>> net.ipv4.conf.eth0.accept_redirects=0
>> net.ipv4.conf.eth1.accept_redirects=0
>> net.ipv4.conf.lo.accept_redirects=0
>> net.ipv4.conf.wlan0.accept_redirects=0
>> 
>> net.ipv4.ip_forward = 1
>> 
>> ------------------------------------
>> 
>> ------ifconfig-------------
>> eth0      Link encap:Ethernet  HWaddr 00:16:cb:ae:21:d5  
>>           UP BROADCAST MULTICAST  MTU:1500  Metric:1
>>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:1000 
>>           RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
>>           Interrupt:16 
>> 
>> eth1      Link encap:Ethernet  HWaddr 02:26:b0:a7:9a:84  
>>           UP BROADCAST MULTICAST  MTU:1500  Metric:1
>>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:1000 
>>           RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
>> 
>> lo        Link encap:Local Loopback  
>>           inet addr:127.0.0.1  Mask:255.0.0.0
>>           inet6 addr: ::1/128 Scope:Host
>>           UP LOOPBACK RUNNING  MTU:65536  Metric:1
>>           RX packets:530 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:530 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:0 
>>           RX bytes:47614 (47.6 KB)  TX bytes:47614 (47.6 KB)
>> 
>> wlan0     Link encap:Ethernet  HWaddr 00:1c:b3:b2:8d:43  
>>           inet addr:10.0.1.8  Bcast:10.0.1.255  Mask:255.255.255.0
>>           inet6 addr: fe80::21c:b3ff:feb2:8d43/64 Scope:Link
>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>           RX packets:2927 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:3084 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:1000 
>>           RX bytes:1438598 (1.4 MB)  TX bytes:497589 (497.5 KB)
>> ------------------------------------------
>> 
>> 
>> 
>> _______________________________________________
>> Users at lists.openswan.org
>> https://lists.openswan.org/mailman/listinfo/users
>> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
>> Building and Integrating Virtual Private Networks with Openswan:
>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
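
An added example, not part of the original thread and not Openswan code: a shell function that reads the kernel's effective values for the keys listed in the sysctl.conf excerpts above, since an entry in the file does not by itself show that the running kernel has it applied. The optional root argument and the `make_sample_tree` helper are assumptions introduced here so the check can also run against a constructed tree.

```shell
#!/bin/sh
# Added example: audit the effective values of the sysctl keys from this thread.
# Usage: check_ipsec_sysctls            (live system, reads /proc)
#        check_ipsec_sysctls /some/dir  (constructed tree, for offline testing)

# Prints one line per finding; returns 0 when clean, 1 when anything is off.
check_ipsec_sysctls() {
    root="${1:-/proc}"
    base="$root/sys/net/ipv4"
    rc=0

    # The forwarding flag that the 'ipsec verify' line refers to.
    fwd=$(cat "$base/ip_forward" 2>/dev/null) || fwd=""
    if [ "$fwd" != "1" ]; then
        echo "ip_forward=${fwd:-unreadable} (expected 1)"
        rc=1
    fi

    # Redirect settings exist per interface, so check every entry under
    # conf/, not only 'all' and 'default'.
    for dir in "$base"/conf/*; do
        [ -d "$dir" ] || continue
        ifname=${dir##*/}
        for key in send_redirects accept_redirects; do
            val=$(cat "$dir/$key" 2>/dev/null) || val=""
            if [ "$val" != "0" ]; then
                echo "conf.$ifname.$key=${val:-unreadable} (expected 0)"
                rc=1
            fi
        done
    done
    return $rc
}

# Constructed /proc-like tree using the interface names listed in the thread.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/sys/net/ipv4/conf"
    echo 1 > "$t/sys/net/ipv4/ip_forward"
    for i in all default eth0 eth1 lo wlan0; do
        mkdir "$t/sys/net/ipv4/conf/$i"
        echo 0 > "$t/sys/net/ipv4/conf/$i/send_redirects"
        echo 0 > "$t/sys/net/ipv4/conf/$i/accept_redirects"
    done
    echo "$t"
}
```
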

