[Cialug] IPSec Routing & Evil NETKEY
Jonathan C. Bailey
jbailey at co.marshall.ia.us
Sat Nov 20 22:33:16 CST 2010
What kind of route do you speak of? My routing table has the internal subnet, external subnet, and the default gateway on the external side.
I've also tried an "ip rule" with the source as the 192.168.101.0/24 subnet and various default gateways, but no luck there either..
-Jon
----- Original Message -----
From: "Nathan C. Smith" <nathan.smith at ipmvs.com>
To: "Central Iowa Linux Users Group" <cialug at cialug.org>
Sent: Saturday, November 20, 2010 10:20:46 PM
Subject: Re: [Cialug] IPSec Routing & Evil NETKEY
And do you have a route set as well?
-----Original Message-----
From: cialug-bounces at cialug.org [mailto:cialug-bounces at cialug.org] On Behalf Of Jonathan C. Bailey
Sent: Saturday, November 20, 2010 9:43 PM
To: Central Iowa Linux Users Group
Subject: Re: [Cialug] IPSec Routing & Evil NETKEY
Yup... I've got the following in sysctl.conf:
net.ipv4.ip_forward=1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.default.log_martians = 0
----- Original Message -----
From: "Zachary Kotlarek" <zach at kotlarek.com>
To: "Central Iowa Linux Users Group" <cialug at cialug.org>
Sent: Saturday, November 20, 2010 9:25:10 PM
Subject: Re: [Cialug] IPSec Routing & Evil NETKEY
On Nov 20, 2010, at 9:10 PM, Jonathan C. Bailey wrote:
> Based on the captures I have, it seems that the traffic is being successfully decrypted on eth1, but then it just goes "nowhere". I can't seem to find *anything* that would indicate how to move this decrypted traffic out the correct interface, or do anything else with it..
>
> Anyone have some thoughts on this? About to go bald from pulling my hair out...
Is IP forwarding enabled? I often forget that bit when first setting up a router.
Zach
_______________________________________________
Cialug mailing list
Cialug at cialug.org
http://cialug.org/mailman/listinfo/cialug