IPv6 readyNote: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

[Users] Re: dynamic ip

From: Domany (I.H.Domany_at_t-online.de)
Date: Sat Jun 29 2002 - 11:59:13 CEST

Hi Andreas,

first, thank You very much.

Alas "echo 0 > /proc/sys/net/ipv4/conf/ppp0/rp_filter" doesn't function.
The value is still "1".

Before i start the internet connection, ipsec auto --status shows:
linux:/proc/sys/net/ipv4/conf/ppp0 # ipsec auto --status
000 interface ipsec0/ppp0 192.168.99.1
000
000
(--> 192.168.99.1 is my "dummy" net ip)

After the first connection to internet I get:
000 interface ipsec0/ppp0 217.228.232.60
000
000
(---> 217.228.232.60 is the dynamic ip)

Regards and thanx

Heribert

Am Freitag, 28. Juni 2002 20:53 schrieben Sie:
> Hi Heribert,
>
> I don't see in the log that conn road warrior is loaded at all. Haven't
> you shown us the whole log? ipsec auto --status should show the loaded
> connections.
>
> Regards
>
> Andreas
>
> P.S. Why don't you shut off the rp_filter by executing
>
> echo 0 > /proc/sys/net/ipv4/conf/ppp0/rp_filter
>
> Domany wrote:
> > hi andreas,
> >
> > perhaps u can help me.
> >
> > i try to use ipsec/freeswan according to your article in
> > c't 5/2002. I use the SuSE-distribution 8.0 with a compiled
> > FreeS/WAN (ipsec) implementation. As i understand SuSE,
> > the X.509 certifications are integrated:
> > "Dieses Paket enthält Unterstützung für X.509 Zertifikate, indem der
> > Patch von http://www.strongsec.com/freeswan/ integriert wurde".
> >
> > I use a DSL-modem with dynamic-IP.
> >
> > IF i start ipsec with "ipsec setup" i get the following messages:
> > ipsec_setup: WARNING: ipsec0 has route filtering turned on, KLIPS may not
> > work ipsec_setup: (/proc/sys/net/ipv4/conf/ipsec0/rp_filter = `1',
> > should be 0) ipsec_setup: WARNING: ppp0 has route filtering turned on,
> > KLIPS may not work ipsec_setup: (/proc/sys/net/ipv4/conf/ppp0/rp_filter
> > = `1', should be 0)
> >
> > If i start ipsec with no(!) internet connection:
> > Jun 28 10:25:51 linux ipsec_setup: KLIPS debug `none'
> > Jun 28 10:25:52 linux ipsec_setup: KLIPS ipsec0 on ppp0
> > 192.168.99.1/255.255.255.255 pointopoint 192.168.99.99
> > Jun 28 10:25:52 linux ipsec_setup: ...FreeS/WAN IPsec started
> > Jun 28 10:25:52 linux ipsec_setup: ^M^[[82C^[[10D^[[1;32mdone^[[m^O
> > Jun 28 10:25:53 linux ipsec__plutorun: /usr/lib/ipsec/_plutoload: fg: no
> > job control
> >
> > If i start ipsec with (!) internet connection:
> > Jun 28 13:35:34 linux ipsec_setup: Starting FreeS/WAN IPsec 1.95...
> > Jun 28 13:35:47 linux ipsec_setup: KLIPS debug `none'
> > Jun 28 13:35:47 linux ipsec_setup: KLIPS ipsec0 on ppp0
> > 80.128.75.250/255.255.255.255 pointopoint 217.5.98.9
> > Jun 28 13:35:47 linux ipsec_setup: WARNING: ipsec0 has route filtering
> > turned on, KLIPS may not work
> > Jun 28 13:35:47 linux ipsec_setup:
> > (/proc/sys/net/ipv4/conf/ipsec0/rp_filter = `1', should be 0)
> > Jun 28 13:35:47 linux ipsec_setup: WARNING: ppp0 has route filtering
> > turned on, KLIPS may not work
> > Jun 28 13:35:47 linux ipsec_setup:
> > (/proc/sys/net/ipv4/conf/ppp0/rp_filter = `1', should be 0)
> >
> > I generated the private, ca and crtl key.
> >
> > ipsec.secrets:
> > : RSA gatewayKey.pem Abc...
> >
> > ipsec.conf:
> > config setup
> > interfaces=%defaultroute
> > klipsdebug=none
> > plutodebug=none
> > plutoload=%search
> > plutostart=%search
> > uniqueids=yes
> > conn %default
> > authby=rsasig
> > leftrsasigkey=%cert
> > rightrsasigkey=%cert
> > left=%defaultroute
> > leftid="C=DE, O=Kool AG, CN=gateway.kool.net"
> > conn roadwarrior
> > right=%any
> > auto=add
> >
> > Mit herzlichem Dank voraus,
> > Heribert Domany

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:17 CEST