[Openswan Users] really basic peer-to-peer setup

Simon Deziel simon at xelerance.com
Fri May 3 17:41:26 UTC 2013

Hi Alan,

On 13-05-03 01:24 PM, Alan McKay wrote:
> I would love very much to read the fine manual - if only I could find it!

This should give you a list of the man pages:

  dpkg -L openswan| grep man

> One problem it seems to me is that there is no ipsec interface being generated :

That is nothing to be worried about. An ipsec interface is only created
when using KLIPS/MAST but the default is to use NETKEY which does not
create any new interface.

> root at firewall03:/etc/shorewall# ipsec verify
> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path                             	[OK]
> Linux Openswan U2.6.38/K3.8.0-19-generic (netkey)
> Checking for IPsec support in kernel                        	[OK]
>  SAref kernel support                                       	[N/A]
>  NETKEY:  Testing XFRM related proc values                  	[OK]
> 	[OK]
> 	[OK]
> Checking that pluto is running                              	[OK]
>  Pluto listening for IKE on udp 500                         	[OK]
>  Pluto listening for NAT-T on udp 4500                      	[OK]
> Two or more interfaces found, checking IP forwarding        	[FAILED]
> Checking NAT and MASQUERADEing                              	[OK]
> Checking for 'ip' command                                   	[OK]
> Checking /bin/sh is not /bin/dash                           	[WARNING]
> Checking for 'iptables' command                             	[OK]
> Opportunistic Encryption Support                            	[DISABLED]
>   Warning: ignored obsolete keyword forwardcontrol

You can enable forwarding with:

 sysctl net.ipv4.ip_forward=1

And add it to /etc/sysctl.conf to have it setup on each reboot.


More information about the Users mailing list