[Users] FreeS/Wan on Redhat 7.3

• Next message: Jean-Luc Cooke: "Re: [Users] International Crypto restrictions"
• Previous message: Brian: "[Users] RE: Redhat 7.3 / SuSE 8.0"
• In reply to: Brian: "[Users] FreeS/Wan on Redhat 7.3"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Brian writes:
> then when I re-start IPsec (service ipsec restart) I get the following?
>
> [root_at_redhat73 etc]# service ipsec restart
> ipsec_setup: Stopping FreeS/WAN IPsec...
> ipsec_setup: Starting FreeS/WAN IPsec 1.98b...
> ipsec_setup: Using /lib/modules/2.4.18-3custom/kernel/net/ipsec/ipsec.o
> ipsec_setup: WARNING: eth0 has route filtering turned on, KLIPS may not work
> ipsec_setup: (/proc/sys/net/ipv4/conf/eth0/rp_filter = `1', should be 0)
> [root_at_redhat73 etc]#

Reverse-path filtering is on by default under RedHat 7.3. Generally
this is a good thing, except it screws up FreeS/WAN by dropping
encrypted packets. So you have to turn it off on any interface that
FreeS/WAN is using. That's what the above message is saying. Do the
following :-

  $ echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter

and all will be well. To make it permanent put :-

  net.ipv4.conf.eth0.rp_filter = 0

in /etc/sysctl.conf
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: Jean-Luc Cooke: "Re: [Users] International Crypto restrictions"
• Previous message: Brian: "[Users] RE: Redhat 7.3 / SuSE 8.0"
• In reply to: Brian: "[Users] FreeS/Wan on Redhat 7.3"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:18 CEST