[Openswan Users] site to site ipsec VPN. local endpoint replies with a host unreachable.
Paul Wouters
paul at nohats.ca
Mon Nov 25 17:02:44 UTC 2013
On Sun, 24 Nov 2013, Michael Closson wrote:
> After (on a whim) trying host to site VPN rather than site to site VPN, I can
> confirm that ESP isn't being filtered. See below for the details.
>
> The problem remains that the local VPN endpoint is generating an ICMP host
> unreachable.
>
> Is there any way I can enable some kernel level debugging? I'll check and see
> what Google can suggest.
Try this in /etc/sysctl.conf and run sysctl -p:
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
#
net.ipv4.conf.default.rp_filter = 0
#
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1
#
net.ipv4.conf.default.log_martians = 1
net.ipv4.conf.all.log_martians = 1
Paul
--
Libreswan Developer - https://libreswan.org/
Red Hat Security - http://people.redhat.com/pwouters/
Personal Blog - https://nohats.ca/
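
An added example, not part of the message above or of Openswan/Libreswan: a POSIX shell function that compares the values under /proc/sys with the settings suggested in the reply, and also reports the effective rp_filter of each interface that already exists. The function name check_ipsec_sysctls and its optional ROOT argument are assumptions made for this example.

```shell
# Added example (hypothetical helper name): compare kernel settings with the
# values suggested in the reply. ROOT defaults to /proc/sys; a test tree may be passed.
check_ipsec_sysctls() {
    root=${1:-/proc/sys}
    bad=0
    # key=value pairs exactly as listed in the message
    for pair in \
        net.ipv4.ip_forward=1 \
        net.ipv6.conf.all.forwarding=1 \
        net.ipv4.conf.default.rp_filter=0 \
        net.ipv4.conf.all.send_redirects=0 \
        net.ipv4.conf.default.send_redirects=0 \
        net.ipv4.icmp_ignore_bogus_error_responses=1 \
        net.ipv4.conf.default.log_martians=1 \
        net.ipv4.conf.all.log_martians=1
    do
        key=${pair%=*}
        want=${pair#*=}
        file=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$file" ]; then
            echo "MISSING  $key"
            bad=$((bad + 1))
            continue
        fi
        have=$(cat "$file")
        if [ "$have" != "$want" ]; then
            echo "DIFFERS  $key = $have (suggested $want)"
            bad=$((bad + 1))
        fi
    done
    # conf/default only seeds interfaces created later, and the kernel uses
    # max(conf/all, conf/<iface>) for rp_filter, so report the effective value
    # of every interface that already exists.
    all=$(cat "$root/net/ipv4/conf/all/rp_filter" 2>/dev/null || echo 0)
    for dir in "$root"/net/ipv4/conf/*/; do
        iface=$(basename "$dir")
        case $iface in all|default|'*') continue ;; esac
        own=$(cat "$dir/rp_filter" 2>/dev/null || echo 0)
        eff=$own
        if [ "$all" -gt "$eff" ]; then eff=$all; fi
        if [ "$eff" -ne 0 ]; then
            echo "RPFILTER $iface effective rp_filter = $eff"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}
```

Calling check_ipsec_sysctls with no argument reads the live values; it prints one line per setting that differs and returns non-zero if any do.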