[Openswan Users] really basic peer-to-peer setup
Nick Howitt
n1ck.h0w1tt at gmail.com
Sat May 4 06:42:35 UTC 2013
Please add a leftsourceip=the_lan_ip_of_your_Openswan_box
On 04/05/2013 02:50, Alan McKay wrote:
> On Fri, May 3, 2013 at 9:41 PM, Alan McKay <alan.mckay at gmail.com> wrote:
>> Anyway, I may not get a chance till Monday to try your config, but I
>> will. I'm just sitting here at home having a beer and this problem
>> is really bugging me :-)
> And of course I had to try it - still no go. Rewrote it for the other
> end too of course.
>
> But I see that on firewall03, ipsec still thinks forwarding is not
> enabled in spite of my sysctl. Check it out. The FAILED below.
>
> Should I simplify this right now by getting rid of the Xen kernel and
> going back to vanilla Ubuntu 13.04? Just to see whether it works? I
> have Ubuntu 12.04 vanilla on the other end.
>
> root@firewall03:~# sysctl net.ipv4.ip_forward=1
> net.ipv4.ip_forward = 1
> root@firewall03:~# cat /proc/sys/net/ipv4/conf/*/forwarding
> 1
> 1
> 1
> 1
> 1
> 1
> 1
> 1
> 1
> 1
> root@firewall03:~# ipsec verify
> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path [OK]
> Linux Openswan U2.6.38/K3.8.0-19-generic (netkey)
> Checking for IPsec support in kernel [OK]
> SAref kernel support [N/A]
> NETKEY: Testing XFRM related proc values [OK]
> [OK]
> [OK]
> Checking that pluto is running [OK]
> Pluto listening for IKE on udp 500 [OK]
> Pluto listening for NAT-T on udp 4500 [OK]
> Two or more interfaces found, checking IP forwarding [FAILED]
> Checking NAT and MASQUERADEing [OK]
> Checking for 'ip' command [OK]
> Checking /bin/sh is not /bin/dash [WARNING]
> Checking for 'iptables' command [OK]
> Opportunistic Encryption Support [DISABLED]
>
>
>