[Openswan Users] really basic peer-to-peer setup
Alan McKay
alan.mckay at gmail.com
Sat May 4 01:50:46 UTC 2013
On Fri, May 3, 2013 at 9:41 PM, Alan McKay <alan.mckay at gmail.com> wrote:
> Anyway, I may not get a chance til monday to try your config, but I
> will. I'm just sitting here at home having a beer and this problem
> is really bugging me :-)
And of course I had to try it - still no go. Rewrote it for the other
end too of course.
But I see that on firewall03, ipsec still thinks forwarding is not
enabled in spite of my sysctl. Check it out. The FAILED below.
Should I simplify this right now but getting rid of the Xen kernel and
going back to vanilla Ubuntu 13.04? Just to see whether it works? I
have Ubuntu 12.04 vanilla on the other end.
root at firewall03:~# sysctl net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
root at firewall03:~# cat /proc/sys/net/ipv4/conf/*/forwarding
1
1
1
1
1
1
1
1
1
1
root at firewall03:~# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.38/K3.8.0-19-generic (netkey)
Checking for IPsec support in kernel [OK]
SAref kernel support [N/A]
NETKEY: Testing XFRM related proc values [OK]
[OK]
[OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for NAT-T on udp 4500 [OK]
Two or more interfaces found, checking IP forwarding [FAILED]
Checking NAT and MASQUERADEing [OK]
Checking for 'ip' command [OK]
Checking /bin/sh is not /bin/dash [WARNING]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
--
“Don't eat anything you've ever seen advertised on TV”
- Michael Pollan, author of "In Defense of Food"
More information about the Users
mailing list