[Openswan Users] really basic peer-to-peer setup

Simon Deziel simon at xelerance.com
Fri May 3 18:20:29 UTC 2013


On 13-05-03 02:07 PM, Alan McKay wrote:
> On Fri, May 3, 2013 at 1:41 PM, Simon Deziel <simon at xelerance.com> wrote:
>> You can enable forwarding with:
>>
>>  sysctl net.ipv4.ip_forward=1
>>
>> And add it to /etc/sysctl.conf to have it set up on each reboot.
> 
> I forgot to mention that I already found this and it still reports the
> same thing.  And in the googling I had done there were a lot of hits that
> came up and said "that is nothing to worry about".   Seems odd to me
> that it would not be something to worry about.
> 
> root@solexa1:~# cat /proc/sys/net/ipv4/conf/*/forwarding
> 1
> 1
> 1
> 1
> 1
> root@solexa1:~# ls !$
> ls /proc/sys/net/ipv4/conf/*/forwarding
> /proc/sys/net/ipv4/conf/all/forwarding
> /proc/sys/net/ipv4/conf/default/forwarding
> /proc/sys/net/ipv4/conf/eth0/forwarding
> /proc/sys/net/ipv4/conf/eth1/forwarding
> /proc/sys/net/ipv4/conf/lo/forwarding
> root@solexa1:~#

Weird.

> I'm also wondering about this error when I restart :
> root@solexa1:~# /etc/init.d/ipsec restart
> ipsec_setup: Stopping Openswan IPsec...
> Warning: ignored obsolete keyword forwardcontrol
> ipsec_setup: Starting Openswan IPsec 2.6.37...
> ipsec_setup: No KLIPS support found while requested, desperately
> falling back to netkey
> ipsec_setup: NETKEY support found. Use " in
> /etc/ipsec.conf to avoid attempts to use KLIPS. Attempting to continue
> with NETKEY

Those messages about no KLIPS support are not problematic. Add
"protostack=netkey" to your config to silence them.

> ipsec_setup: Warning: ignored obsolete keyword forwardcontrol

This one is more suspect. Can you post your ipsec.conf?

Simon
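
An added example, not part of the original thread and not Openswan code: a shell sketch that checks the two points raised in this message, namely the per-interface forwarding flags and whether "config setup" in ipsec.conf sets protostack or still carries the obsolete forwardcontrol keyword. The function names, the temporary directory and the sample ipsec.conf are constructed for illustration; on a real host the arguments would be /proc/sys/net/ipv4/conf and /etc/ipsec.conf.

```shell
#!/bin/sh
# check_forwarding DIR: DIR is laid out like /proc/sys/net/ipv4/conf.
# Prints each interface whose forwarding flag is not 1.
check_forwarding() {
    for f in "$1"/*/forwarding; do
        [ -r "$f" ] || continue
        [ "$(cat "$f")" = "1" ] || basename "$(dirname "$f")"
    done
}

# check_ipsec_conf FILE: look only inside the "config setup" section and
# report the protostack value plus the obsolete forwardcontrol keyword.
check_ipsec_conf() {
    awk '
        /^[ \t]*#/ { next }
        /^(config|conn)[ \t]/ { in_setup = ($1 == "config" && $2 == "setup"); next }
        in_setup && /^[ \t]+[A-Za-z]/ {
            line = $0; sub(/^[ \t]+/, "", line)
            split(line, kv, "=")
            key = kv[1]; sub(/[ \t]+$/, "", key)
            if (key == "protostack") { proto = kv[2]; gsub(/[ \t"]/, "", proto) }
            if (key == "forwardcontrol") obsolete = 1
        }
        END {
            print "protostack: " (proto == "" ? "unset" : proto)
            if (obsolete) print "obsolete: forwardcontrol"
        }
    ' "$1"
}

# Constructed sample: eth1 has forwarding off, config setup lacks protostack.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
mkdir -p "$demo_dir/conf/all" "$demo_dir/conf/eth0" "$demo_dir/conf/eth1"
echo 1 > "$demo_dir/conf/all/forwarding"
echo 1 > "$demo_dir/conf/eth0/forwarding"
echo 0 > "$demo_dir/conf/eth1/forwarding"
cat > "$demo_dir/ipsec.conf" <<'EOF'
version 2.0
config setup
    forwardcontrol=yes
    nat_traversal=yes
conn example
    auto=add
EOF

check_forwarding "$demo_dir/conf"
check_ipsec_conf "$demo_dir/ipsec.conf"
```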