"Argentium G. Tiger" wrote:
On the side where the firewall is actually active, I'm getting the error that I documented last message:
ipsec_setup: Starting FreeS/WAN IPsec 1.91...WARNING: ipsec0 has route filtering turned on, KLIPS may not work ipsec_setup: (/proc/sys/net/ipv4/conf/ipsec0/rp_filter = '1', should be 0) ipsec_setup: WARNING: eth0 has route filtering turned on, KLIPS may not work ipsec_setup: (/proc/sys/net/ipv4/conf/eth0/rp_filter = '1', should be 0)
And now to Markus' message:
You must disable IP spoofing protection for ipsec to work properly.
Something like that should do the job: echo 0 > /proc/sys/net/ipv4/conf/ipsec0/rp_filter echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
Just make sure you have added "ipsec0" to the FW_DEV_EXT variable in the /etc/rc.config.d/firewall2.rc.config. This will make sure that rp_filter is not turned on for any interface. Cheers, -- Nadeem Hasan nhasan@nadmm.com http://www.nadmm.com/