[Cialug] IPSec Routing & Evil NETKEY

Jonathan C. Bailey jbailey at co.marshall.ia.us
Sat Nov 20 21:43:00 CST 2010


Yup... I've got the following in sysctl.conf:

net.ipv4.ip_forward=1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.default.log_martians = 0


----- Original Message -----
From: "Zachary Kotlarek" <zach at kotlarek.com>
To: "Central Iowa Linux Users Group" <cialug at cialug.org>
Sent: Saturday, November 20, 2010 9:25:10 PM
Subject: Re: [Cialug] IPSec Routing & Evil NETKEY


On Nov 20, 2010, at 9:10 PM, Jonathan C. Bailey wrote:

> Based on the captures I have, it seems that the traffic is being successfully decrypted on eth1, but then it just goes "nowhere". I can't seem to find *anything* that would indicate how to move this decrypted traffic out the correct interface, or do anything else with it...
> 
> Anyone have some thoughts on this? About to go bald from pulling my hair out...


Is IP forwarding enabled? I often forget that bit when first setting up a router.

	Zach

