[Openswan Users] send/accept redirects

Markus Falb wnefal at gmail.com
Sat Feb 8 16:34:11 EST 2014

Linux Openswan U2.6.32/K2.6.32-431.3.1.el6.x86_64 (netkey)

I have a question about some output of # ipsec verify

NETKEY:  Testing for disabled ICMP send_redirects          	[FAILED]
NETKEY detected, testing for disabled ICMP accept_redirects 	[FAILED]

My question is not about how to get that FAILED into an OK, but why. I'd like to understand the consequences of enabling or disabling send_redirects and/or accept_redirects. The script does state quite frankly that it they should be disabled, but the machine that openswan is installed is acting as a router too and I am not sure if it is such a good idea to disable redirects.

It would be great if someone would explain to me what could happen when I enable or disable redirects
Maybe it would help me to understand possible outcomes, is it safe to disable, etc.

Kind Regards, Markus

More information about the Users mailing list