[Openswan Users] send/accept redirects
Markus Falb
wnefal at gmail.com
Sat Feb 8 16:34:11 EST 2014
Hi,
Linux Openswan U2.6.32/K2.6.32-431.3.1.el6.x86_64 (netkey)
I have a question about some output of # ipsec verify
NETKEY: Testing for disabled ICMP send_redirects [FAILED]
NETKEY detected, testing for disabled ICMP accept_redirects [FAILED]
My question is not about how to get that FAILED into an OK, but why. I'd like to understand the consequences of enabling or disabling send_redirects and/or accept_redirects. The script does state quite frankly that it they should be disabled, but the machine that openswan is installed is acting as a router too and I am not sure if it is such a good idea to disable redirects.
It would be great if someone would explain to me what could happen when I enable or disable redirects
Maybe it would help me to understand possible outcomes, is it safe to disable, etc.
--
Kind Regards, Markus
More information about the Users
mailing list