Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Re: [suse-security] SuSEFirewall2, FreeS/WAN and VPN
  • From: Steffen Dettmer <steffen@xxxxxxx>
  • Date: Sat, 19 Jan 2002 19:57:07 +0100
  • Message-id: <20020119195707.E2705@xxxxxxxxx>
* Markus Koellner wrote on Fri, Jan 18, 2002 at 00:52 +0100:
> > Without the firewall enabled, it looks as if freeswan (ipsec)
> > starts correctly. WITH the firewall enabled, here's what we
> > get as an error message:

I would call it warning message.

> ipsec_setup: Starting FreeS/WAN IPsec 1.91...WARNING: ipsec0 has route
> filtering turned on, KLIPS may not work
> >ipsec_setup: (/proc/sys/net/ipv4/conf/ipsec0/rp_filter = '1', should be 0)
> >ipsec_setup: WARNING: eth0 has route filtering turned on, KLIPS may not work
> >ipsec_setup: (/proc/sys/net/ipv4/conf/eth0/rp_filter = '1', should be 0)
>
> You must disable IP spoofing protection for ipsec to work properly.

Could you explain "must"? Under what circumstances is this
necessary? I have working VPN GWs with enabled rp_filter.

oki,

Steffen

--
Dieses Schreiben wurde maschinell erstellt,
es trägt daher weder Unterschrift noch Siegel.

< Previous Next >
Follow Ups