[Openswan Users] really basic peer-to-peer setup

Alan McKay alan.mckay at gmail.com
Sat May 4 01:50:46 UTC 2013

On Fri, May 3, 2013 at 9:41 PM, Alan McKay <alan.mckay at gmail.com> wrote:
> Anyway, I may not get a chance til monday to try your config, but I
> will.   I'm just sitting here at home having a beer and this problem
> is really bugging me :-)

And of course I had to try it - still no go.  Rewrote it for the other
end too of course.

But I see that on firewall03, ipsec still thinks forwarding is not
enabled in spite of my sysctl.   Check it out.  The FAILED below.

Should I simplify this right now but getting rid of the Xen kernel and
going back to vanilla Ubuntu 13.04?   Just to see whether it works?  I
have Ubuntu 12.04 vanilla on the other end.

root at firewall03:~# sysctl net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
root at firewall03:~# cat /proc/sys/net/ipv4/conf/*/forwarding
root at firewall03:~# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                             	[OK]
Linux Openswan U2.6.38/K3.8.0-19-generic (netkey)
Checking for IPsec support in kernel                        	[OK]
 SAref kernel support                                       	[N/A]
 NETKEY:  Testing XFRM related proc values                  	[OK]
Checking that pluto is running                              	[OK]
 Pluto listening for IKE on udp 500                         	[OK]
 Pluto listening for NAT-T on udp 4500                      	[OK]
Two or more interfaces found, checking IP forwarding        	[FAILED]
Checking NAT and MASQUERADEing                              	[OK]
Checking for 'ip' command                                   	[OK]
Checking /bin/sh is not /bin/dash                           	[WARNING]
Checking for 'iptables' command                             	[OK]
Opportunistic Encryption Support                            	[DISABLED]

“Don't eat anything you've ever seen advertised on TV”
         - Michael Pollan, author of "In Defense of Food"

More information about the Users mailing list