[Openswan Users] really basic peer-to-peer setup
Simon Deziel
simon at xelerance.com
Fri May 3 17:41:26 UTC 2013
Hi Alan,
On 13-05-03 01:24 PM, Alan McKay wrote:
> I would love very much to read the fine manual - if only I could find it!
This should give you a list of the man pages:
dpkg -L openswan | grep man
> One problem it seems to me is that there is no ipsec interface being generated :
That is nothing to be worried about. An ipsec interface is only created
when using KLIPS/MAST but the default is to use NETKEY which does not
create any new interface.
> root at firewall03:/etc/shorewall# ipsec verify
> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path [OK]
> Linux Openswan U2.6.38/K3.8.0-19-generic (netkey)
> Checking for IPsec support in kernel [OK]
> SAref kernel support [N/A]
> NETKEY: Testing XFRM related proc values [OK]
> [OK]
> [OK]
> Checking that pluto is running [OK]
> Pluto listening for IKE on udp 500 [OK]
> Pluto listening for NAT-T on udp 4500 [OK]
> Two or more interfaces found, checking IP forwarding [FAILED]
> Checking NAT and MASQUERADEing [OK]
> Checking for 'ip' command [OK]
> Checking /bin/sh is not /bin/dash [WARNING]
> Checking for 'iptables' command [OK]
> Opportunistic Encryption Support [DISABLED]
> Warning: ignored obsolete keyword forwardcontrol
You can enable forwarding with:
sysctl net.ipv4.ip_forward=1
And add it to /etc/sysctl.conf to have it set up on each reboot.
HTH,
Simon
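
The persistence step from the reply above, as an added example that is not part of the original message: shell functions that report which net.ipv4.ip_forward value a sysctl.conf-style file leaves in effect (comments skipped, last assignment wins) and set it to 1 idempotently. The function names are hypothetical, and the file path is an argument so the functions can be tried on a scratch copy first.

```shell
# Added example, not from the original post. Function names are hypothetical.
# The running kernel value is changed separately with the sysctl command above.
KEY='net.ipv4.ip_forward'

# Print the value the given sysctl.conf-style file leaves in effect for KEY.
# Lines starting with # or ; are comments; the last assignment wins.
# Prints nothing if the key is never set.
effective_ip_forward() {
    awk -v key="$KEY" '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# Make the file set KEY to 1: rewrite active assignments in place, or append
# one if none exists. Does nothing when the effective value is already 1.
persist_ip_forward() {
    file=$1
    [ "$(effective_ip_forward "$file")" = "1" ] && return 0
    tmp=$(mktemp) || return 1
    awk -v key="$KEY" '
        /^[ \t]*[#;]/ { print; next }
        {
            eq = index($0, "=")
            k = (eq ? substr($0, 1, eq - 1) : "")
            gsub(/[ \t]/, "", k)
            if (k == key) { print key " = 1"; found = 1; next }
            print
        }
        END { if (!found) print key " = 1" }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

Run `persist_ip_forward /etc/sysctl.conf` as root once the result on a copy looks right; a commented-out assignment is left untouched and does not count as set.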