Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Re: [suse-security] SuSEFirewall2, FreeS/WAN and VPN
  • From: Nadeem Hasan <nhasan@xxxxxxxxx>
  • Date: Fri, 18 Jan 2002 11:02:19 -0500
  • Message-id: <3C48470B.BA99003D@xxxxxxxxx>
"Argentium G. Tiger" wrote:
> On the side where the firewall is actually active, I'm getting the error
> that I documented last message:
>
> ipsec_setup: Starting FreeS/WAN IPsec 1.91...WARNING: ipsec0 has route
> filtering turned on, KLIPS may not work
> ipsec_setup: (/proc/sys/net/ipv4/conf/ipsec0/rp_filter = '1', should be 0)
> ipsec_setup: WARNING: eth0 has route filtering turned on, KLIPS may not work
> ipsec_setup: (/proc/sys/net/ipv4/conf/eth0/rp_filter = '1', should be 0)

> And now to Markus' message:
>
> > You must disable IP spoofing protection for ipsec to work properly.
> >
> > Something like that should do the job:
> > echo 0 > /proc/sys/net/ipv4/conf/ipsec0/rp_filter
> > echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
>

Just make sure you have added "ipsec0" to the FW_DEV_EXT variable
in the /etc/rc.config.d/firewall2.rc.config. This will make sure
that rp_filter is not turned on for any interface.

Cheers,
--
Nadeem Hasan
nhasan@xxxxxxxxx
http://www.nadmm.com/

< Previous Next >
Follow Ups
References