21 Jan 2002 11:10
You must disable IP spoofing protection for ipsec to work properly.
Could you explain "must"? Under what circumstances is this necessary? I have working VPN GWs with enabled rp_filter.
It *can* cause problems, and maybe for you there is none, but there is a risk.

217.13.4.32 0.0.0.0 255.255.255.0 U 0 0 0 eth1
217.13.4.32 0.0.0.0 255.255.255.0 U 0 0 0 ipsec0

rp_filter authorizes the first route it can find, which is on the eth1 interface in this example. But what about changing the sequence by bringing eth1 down and up again? This causes trouble for rp_filter.

Bye
Markus
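A simplified model of the reverse-path check as the message above describes it, added here as an example; it is not part of the original thread and is not kernel code. It parses the two quoted route rows and shows how the verdict for a packet arriving on eth1 or ipsec0 depends on table order. The source address 217.13.4.40 and the reversed table order after eth1 is cycled are assumptions.

```python
import ipaddress

# Constructed sample built from the two rows quoted in the message, in
# `route -n` column order: Destination Gateway Genmask Flags Metric Ref Use Iface
ETH1_FIRST = """\
217.13.4.32 0.0.0.0 255.255.255.0 U 0 0 0 eth1
217.13.4.32 0.0.0.0 255.255.255.0 U 0 0 0 ipsec0
"""
# Assumed table order after eth1 has been brought down and up again.
IPSEC0_FIRST = "\n".join(reversed(ETH1_FIRST.splitlines())) + "\n"


def parse_routes(text):
    """Return [(network, iface)] in table order."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8:
            continue  # blank or malformed line
        try:
            # strict=False: the quoted destination has host bits set for a /24
            net = ipaddress.ip_network(f"{f[0]}/{f[2]}", strict=False)
        except ValueError:
            continue  # column header line
        routes.append((net, f[7]))
    return routes


def reverse_path_iface(routes, src):
    """Interface of the first most-specific route back to src (simplified model)."""
    addr = ipaddress.ip_address(src)
    best = None
    for net, iface in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)  # strict '>' keeps the earlier route on a tie
    return best[1] if best else None


def rp_filter_accepts(routes, src, in_iface):
    """Strict reverse-path check: accept only if the route back uses in_iface."""
    return reverse_path_iface(routes, src) == in_iface


def ambiguous_networks(routes):
    """Networks routed via more than one interface, where table order decides."""
    seen = {}
    for net, iface in routes:
        seen.setdefault(net, []).append(iface)
    return {str(n): i for n, i in seen.items() if len(set(i)) > 1}
```

Running `ambiguous_networks` over a gateway's routing table flags the networks for which a strict reverse-path filter can give different verdicts depending on interface bring-up order.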