[Cialug] IPSec Routing & Evil NETKEY

Jonathan C. Bailey jbailey at co.marshall.ia.us
Sat Nov 20 22:33:16 CST 2010


What kind of route do you speak of? My routing table has the internal subnet, external subnet, and the default gateway on the external side.

I've also tried an "ip rule" with the source as the 192.168.101.0/24 subnet and various default gateways, but no luck there either..

-Jon

----- Original Message -----
From: "Nathan C. Smith" <nathan.smith at ipmvs.com>
To: "Central Iowa Linux Users Group" <cialug at cialug.org>
Sent: Saturday, November 20, 2010 10:20:46 PM
Subject: Re: [Cialug] IPSec Routing & Evil NETKEY

And do you have a route set as well?

-----Original Message-----
From: cialug-bounces at cialug.org [mailto:cialug-bounces at cialug.org] On Behalf Of Jonathan C. Bailey
Sent: Saturday, November 20, 2010 9:43 PM
To: Central Iowa Linux Users Group
Subject: Re: [Cialug] IPSec Routing & Evil NETKEY

Yup... I've got the following in sysctl.conf:

net.ipv4.ip_forward=1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.default.log_martians = 0


----- Original Message -----
From: "Zachary Kotlarek" <zach at kotlarek.com>
To: "Central Iowa Linux Users Group" <cialug at cialug.org>
Sent: Saturday, November 20, 2010 9:25:10 PM
Subject: Re: [Cialug] IPSec Routing & Evil NETKEY


On Nov 20, 2010, at 9:10 PM, Jonathan C. Bailey wrote:

> Based on the captures I have, it seems that the traffic is being successfully decrypted on eth1, but then it just goes "nowhere". I can't seem to find *anything* that would indicate how to move this decrypted traffic out the correct interface, or do anything else with it..
> 
> Anyone have some thoughts on this? About to go bald from pulling my hair out...


Is IP forwarding enabled? I often forget that bit when first setting up a router.

	Zach


_______________________________________________
Cialug mailing list
Cialug at cialug.org
http://cialug.org/mailman/listinfo/cialug