[Cialug] IPSec Routing & Evil NETKEY

Nathan C. Smith nathan.smith at ipmvs.com
Sat Nov 20 22:20:46 CST 2010


And do you have a route set as well?

-----Original Message-----
From: cialug-bounces at cialug.org [mailto:cialug-bounces at cialug.org] On Behalf Of Jonathan C. Bailey
Sent: Saturday, November 20, 2010 9:43 PM
To: Central Iowa Linux Users Group
Subject: Re: [Cialug] IPSec Routing & Evil NETKEY

Yup... I've got the following in sysctl.conf:

net.ipv4.ip_forward=1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.default.log_martians = 0


----- Original Message -----
From: "Zachary Kotlarek" <zach at kotlarek.com>
To: "Central Iowa Linux Users Group" <cialug at cialug.org>
Sent: Saturday, November 20, 2010 9:25:10 PM
Subject: Re: [Cialug] IPSec Routing & Evil NETKEY


On Nov 20, 2010, at 9:10 PM, Jonathan C. Bailey wrote:

> Based on the captures I have, it seems that the traffic is being successfully decrypted on eth1, but then it just goes "nowhere". I can't seem to find *anything* that would indicate how to move this decrypted traffic out the correct interface, or do anything else with it..
> 
> Anyone have some thoughts on this? About to go bald from pulling my hair out...


Is IP forwarding enabled? I often forget that bit when first setting up a router.

	Zach


_______________________________________________
Cialug mailing list
Cialug at cialug.org
http://cialug.org/mailman/listinfo/cialug