Am Montag, 10. Februar 2003 06:19 schrieb Mike Leone: > OK; so I think I'm making progress ... > > Anyway, when ipsec starts, I get: > > # svi ipsec start > ipsec_setup: Starting FreeS/WAN IPsec 1.99... > ipsec_setup: Using /lib/modules/ipsec.o > ipsec_setup: WARNING: eth0 has route filtering turned on, KLIPS may not > work ipsec_setup: (/proc/sys/net/ipv4/conf/eth0/rp_filter = , should be 0) > > However, I have changed /etc/network/options, and changed spoofprotect to > no. Doesn't that turn off route filtering?
It's set in shorewall configuration (interfaces(?)). > Also, Shorewall complains that the gw zone is empty. The zones file looks That's no problem and described in shorewall docs. > ipsec.conf: > > config setup > # THIS SETTING MUST BE CORRECT or almost nothing will work; > # %defaultroute is okay for most simple cases. > interfaces=%defaultroute > # Debug-logging controls: "none" for (almost) none, "all" for > lots. klipsdebug=none > plutodebug=none > # Use auto= parameters in conn descriptions to control startup > actions. plutoload=%search > plutostart=%search > # Close down old connection when new one using same ID shows up. > uniqueids=yes If that's all the "real" tunnel config is missing, these are only the "general" settings for every tunnel you'll define. kp ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html