- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - Linux
- >
- problem with FreeS/WAN IPsec
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-25-2004 03:49 AM
01-25-2004 03:49 AM
I try to setup FreeS/WAN IPsec
on linux SuSE 8.2,
and if I do restart I get this message :
# /etc/init.d/ipsec restart
ipsec_setup: Stopping FreeS/WAN IPsec... done
ipsec_setup: Starting FreeS/WAN IPsec 1.99...
ipsec_setup: ipsec ipsec_3des ipsec_md5 ipsec_sha1
ipsec_setup: WARNING: eth0 has route filtering turned on, KLIPS may not work
ipsec_setup: (/proc/sys/net/ipv4/conf/eth0/rp_filter = `1', should be 0)
ipsec_setup: done
I don't understand, what's wrong with:
/proc/sys/net/ipv4/conf/eth0/rp_filter = `1'
and where can I change it.
in ipsec.conf I can't find this path.
kind regards
chris
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-25-2004 07:30 AM
01-25-2004 07:30 AM
Re: problem with FreeS/WAN IPsec
http://www.freeswan.org/
maybe search your error message on the site.
Or post it hereso i can do the work.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-25-2004 03:57 PM
01-25-2004 03:57 PM
Re: problem with FreeS/WAN IPsec
echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
There might be a /etc/sysctl.conf file to set selected items at startup. Then enter
net.ipv4.conf.eth0.rp_filter = 0
for permanent effect.
I have no experience with FreeS/WAN, so I don't
know what the side-effects are.
-Bob Arendt
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-25-2004 07:19 PM
01-25-2004 07:19 PM
Re: problem with FreeS/WAN IPsec
It's location is ... /proc/sys/net/ipv4/conf/eth0/rp_filter
It is NOT a freeswan parameter, therefore of course you cannot find it in freeswan.
If you use a new version of freeswan (which you should anyway) it will modify the value to 0 itself, so you will not need to bother with it. On the other hand, do NOT and I repeat do NOT attempt to use freeswan before reading AND understanding the documentation provided at http://www.freeswan.org. You will not gain any time skiping this mandatory step. It will bite you later.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-25-2004 10:26 PM
01-25-2004 10:26 PM
SolutionUse the commands:
# echo 0 > /proc/sys/net/ipv4/conf/ipsec0/rp_filter
# echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
Also to automatically set these values after reboot you can put those commands in your firewall script file(/etc/rc.d/init.d/firewall).
Regards,
Sergejs
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-26-2004 03:47 PM
01-26-2004 03:47 PM
Re: problem with FreeS/WAN IPsec
If rp_filter parameter is enabled , it will check the origin of packets based on network topology of the configured network interfaces and will discard the packets which are spoofed and source routed.
But it VPN scenario , enabling this parameter will cause valid VPN traffic to be discarded because of Source IP - Interface verification .
Therefore put this line in /etc/sysctl.conf file.
net.ipv4.conf.default.rp_filter = 0
and give this command.
#sysctl -p
This will make these changes permanent even after system is rebooted.
regards,
U.SivaKumar.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-19-2004 12:21 PM
02-19-2004 12:21 PM
Re: problem with FreeS/WAN IPsec
and thank you ALL for your answers
greetings
chris