K.-P. Kirchd�rfer said: > Am Montag, 10. Februar 2003 06:19 schrieb Mike Leone: >> OK; so I think I'm making progress ... >> >> Anyway, when ipsec starts, I get: >> >> # svi ipsec start >> ipsec_setup: Starting FreeS/WAN IPsec 1.99... >> ipsec_setup: Using /lib/modules/ipsec.o >> ipsec_setup: WARNING: eth0 has route filtering turned on, KLIPS may >> not work ipsec_setup: (/proc/sys/net/ipv4/conf/eth0/rp_filter = , >> should be 0) >> >> However, I have changed /etc/network/options, and changed spoofprotect >> to no. Doesn't that turn off route filtering? > > It's set in shorewall configuration (interfaces(?)).
I thought it might, but the Bering docs indicate otherwise - that the easiest way is by changing /etc/network/options. > If that's all the "real" tunnel config is missing, these are only the > "general" settings for every tunnel you'll define. Correct; the tunnel definition is missing. That's what I was asking about - what do I need to put here to make the tunnel work properly with a Pix using pre-shared keys. The examples I've found on the FreeS/WAN site are confusing and contradictory. -- PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF Member, LEAF Project <http://leaf.sourceforge.net> AIM: MikeLeone Public Key - <http://www.mike-leone.com/~turgon/turgon-public-key.asc> Registered Linux user# 201348 ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
