Re: [Users] rp_filter on ipsec0

From: Stephen J. Bevan (stephen_at_dino.dnsalias.com)
Date: Thu Nov 28 2002 - 17:49:15 CET

• Next message: martin f krafft: "Re: [Users] why doesn't `ipsec auto --down <connection>` work?"
• Previous message: digithot_at_163.com: "*****SPAM***** [Users] (no subject)"
• In reply to: martin f krafft: "Re: [Users] rp_filter on ipsec0"
• Next in thread: Mogens Valentin: "Re: [Users] rp_filter on ipsec0"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

martin f krafft writes:
> also sprach Stephen J. Bevan <stephen_at_dino.dnsalias.com> [2002.11.28.0430 +0100]:
> > ipsec0 can have rp_filter set to 1, it is eth0 that has to be 0 and
> > then only in certain situations.
>
> Could you give me some examples of such certain situations?

Typically rp_filter is not an issue when doing host<->host but it is
when FreeS/WAN is acting as a gateway and/or your routing is
asymmetric. If you are not sure then I suggest setting it to 0. If
you really want to run with it set to 1 then make sure IPsec works
first with it set to 0, then re-test with it set to 1.
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: martin f krafft: "Re: [Users] why doesn't `ipsec auto --down <connection>` work?"
• Previous message: digithot_at_163.com: "*****SPAM***** [Users] (no subject)"
• In reply to: martin f krafft: "Re: [Users] rp_filter on ipsec0"
• Next in thread: Mogens Valentin: "Re: [Users] rp_filter on ipsec0"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.5 : Fri Nov 29 2002 - 05:21:11 CET