Note: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

Re: [Users] Re: dynamic ip

From: Domany (I.H.Domany_at_t-online.de)
Date: Sun Jun 30 2002 - 19:15:05 CEST

Next message: SANDRA SAVIMBI: "[Users] please kindly get back to me"
Previous message: Ruben I Safir: "[Users] Shared Secrets using SSH Sentinal fails"
In reply to: Joe Patterson: "RE: [Users] Re: dynamic ip"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I think, I fundamentally do the wrong thing!!

After "echo 0 >/proc/sys/net/ipv4/conf/default/rp_filter"
and "echo 0 >/proc/sys/net/ipv4/conf/ppp0/rp_filter"
I restart FreeS/WAN with "ipsec setup restart".

Now I don't get any error message and "ipsec auto --status" says:

000 interface ipsec0/ppp0 217.228.231.187
000
000 "roadwarrior": 217.228.231.187[C=DE, O=Kool AG,
CN=gateway.kool.net]---217.5.98.9...%any
000 "roadwarrior": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s;
rekey_fuzz: 100%; keyingtries: 3
000 "roadwarrior": policy: RSASIG+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK;
interface: ppp0; unrouted
000 "roadwarrior": newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner:
#0
000

I control my connection with KInternet, my gateway is 217.5.98.9,
my ip is 217.228.231.187.

But as I see with tcpdump, there is NO (!) traffic with ipsec0 !!
Every traffic goes over ppp0.

What do I wrong ?!?

My ipsec.conf is:

config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes

conn %default
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert
        left=%defaultroute
        leftid="C=DE, O=Kool AG, CN=gateway.kool.net"
        auto=start

conn roadwarrior
right=%any
auto=add

=============================================================

Am Sonntag, 30. Juni 2002 05:40 schrieben Sie:
> > Alas "echo 0 > /proc/sys/net/ipv4/conf/ppp0/rp_filter" doesn't function.
> > The value is still "1".
>
> That's very odd...
>
> One thing you might want to try is to `echo 0 >
> /proc/sys/net/ipv4/conf/default/rp_filter`, which is, I believe, the value
> that an interface gets for rp_filter when it gets created (i.e., when a ppp
> interface comes up, or when ipsec0 comes up due to something like `service
> ipsec restart`)
>
> Do this in addition to the above command and see if it stays 0.

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

Next message: SANDRA SAVIMBI: "[Users] please kindly get back to me"
Previous message: Ruben I Safir: "[Users] Shared Secrets using SSH Sentinal fails"
In reply to: Joe Patterson: "RE: [Users] Re: dynamic ip"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:17 CEST