I think there may be a bug in Bering-uClibc_2.0-rc2. I am currently still
working through this IPSec configuration and I discovered the following
warning when IPSec loads on boot up:

>>>>>>>>>snip>>>>>>>>>>>>>>>>>>>>>>>>>>>>

/proc/sys/net/ipv4/conf/eth0/rp_filter = '1', should be 0.

>>>>>>>>>>snip>>>>>>>>>>>>>>>>>>>>>>>>>>>>

I did as I was asked in the procedure: 

>>>>>>>>>snip>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Important 
You must not turn on route filtering for any interfaces involved in ipsec.
The "Bering recommended" way to turn this off is to use the
/etc/network/options file and change the "spoofprotect" parameter to "no"

>>>>>>>>snip>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

But the only way I can set this value to zero is to manually go into
/proc/sys/net/ipv4/conf/eth0/rp_filter and set the value to zero. After I do
this, do a full backup of Bering (the "all Except log" 'L' option), and
reboot, the changes have not been backed up.

Can anyone please tell me how to back up the changes I make to
/proc/sys/net/ipv4/conf/eth0/rp_filter? 

Thanks in advance!


Troy 
-----Original Message-----
From: S Mohan [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 18, 2003 2:42 AM
To: 'Troy Aden'
Subject: RE: [leaf-user] VPN shorewall options

Can you look up the VPN doc I've kept in my repository
http://leaf.sf.net/devel/mohansundaram ? Fswcert is no longer needed and
thus has been removed. FreeSwan can now read certificates as generated
by openssl without extraction by fswcert.

Warm regards
Mohan

On Monday, November 17, 2003 7:15 AM Troy Aden <> wrote:

: Hello yet again,
:
: Sorry to be a bother.
: I have searched the Freeswan docs for any reference to the fswcert
: command with no luck. I need to know what command I should be using
: instead of the fswcert command. I did find a reference to it here
:
: http://cert.uni-stuttgart.de/archive/debian/security/2002/04/msg00160.html
: But that does not tell me much. Can anyone please tell me what
: command I need to do to get past this step in the procedure? The
: procedure is posted    
: here: http://leaf.sourceforge.net/doc/guide/buipsec.html
: Again, I am sorry to have to be a bother but I am no guru by any
: stretch of the imagination and I have to get this working in short
: order. I hope someone can help me out. 
:
: Thanks in advance!
:
: Troy
:
:
: -----Original Message-----
: From: Erich Titl [mailto:[EMAIL PROTECTED]
: Sent: Thursday, November 13, 2003 5:02 PM
: To: Troy Aden; Leaf-User (E-mail)
: Subject: RE: [leaf-user] VPN shorewall options
:
: Troy
:
: At 21:35 13.11.2003, Troy Aden wrote:
:: Thanks for getting back to me. I have run into problems with one
:: command in the IPSec procedure.
::
::::::::::::::::: Snip>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
::
:: Make your ipsec server certificate
::
:: # openssl req -newkey rsa:2048 -keyout serverKey.pem -out serverReq.pem
:: # openssl ca -policy policy_anything -in serverReq.pem -days 1825 -out serverCert.pem -notext
:: # openssl x509 -in serverCert.pem -outform DER -out x509cert.der
:: # fswcert -k serverKey.pem > ipsec.secrets
::
::::::::::::::::::: Snip>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
::
:: The fswcert line gives me an error saying that the command is not
:: found.
:
:
: With recent versions of freeSWan this is not needed anymore, please
: see the FreeS/Wan docs for details.
:
: HTH
: Erich
:
:
: THINK
: Püntenstrasse 39
: 8143 Stallikon
: mailto:[EMAIL PROTECTED]
: PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16
:
:
: leaf-user mailing list: [EMAIL PROTECTED]
: https://lists.sourceforge.net/lists/listinfo/leaf-user
: SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
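
One way to narrow down the rp_filter symptom in the first message, as an added example that is not part of the original messages: it compares the stored spoofprotect value with what the kernel currently reports, since values under /proc are live kernel state rather than files a backup can capture. The function names and the key=value layout of /etc/network/options are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Defaults are the paths named there;
# override PROC_CONF / OPTIONS_FILE to run against a constructed tree.
PROC_CONF="${PROC_CONF:-/proc/sys/net/ipv4/conf}"
OPTIONS_FILE="${OPTIONS_FILE:-/etc/network/options}"

# Print a warning for each listed interface whose rp_filter is not 0.
# Returns 0 only if every listed interface reads 0.
audit_rp_filter() {
    rc=0
    for ifc in "$@"; do
        f="$PROC_CONF/$ifc/rp_filter"
        if [ ! -r "$f" ]; then
            echo "$f: not readable"; rc=1; continue
        fi
        val=$(cat "$f")
        if [ "$val" != "0" ]; then
            echo "$f = '$val', should be 0."; rc=1
        fi
    done
    return $rc
}

# Print the stored spoofprotect value (key=value format is an assumption;
# quotes and trailing comments are tolerated). Prints "unset" if absent.
spoofprotect_setting() {
    v=$(sed -n -e 's/#.*//' -e 's/^[[:space:]]*spoofprotect=//p' \
        "$OPTIONS_FILE" 2>/dev/null | tail -n 1 | tr -d "\"' ")
    echo "${v:-unset}"
}

# Compare stored config with runtime state for the listed interfaces:
#   ok        spoofprotect=no and rp_filter reads 0 everywhere
#   mismatch  spoofprotect=no but rp_filter is still set (the symptom
#             described above: the stored setting is not reaching the kernel)
#   enabled   spoofprotect is not "no", so filtering is configured on
ipsec_rp_verdict() {
    if [ "$(spoofprotect_setting)" != "no" ]; then echo enabled; return 1; fi
    if audit_rp_filter "$@" >/dev/null; then echo ok; return 0; fi
    echo mismatch; return 1
}

# Constructed sample reproducing the thread: stored "no", runtime still 1.
demo() {
    d=$(mktemp -d); mkdir -p "$d/conf/eth0"
    echo 1 > "$d/conf/eth0/rp_filter"; echo 'spoofprotect=no' > "$d/options"
    ( PROC_CONF="$d/conf"; OPTIONS_FILE="$d/options"; ipsec_rp_verdict eth0 ) || true
    rm -rf "$d"
}
```

On the router itself, `ipsec_rp_verdict eth0` run after boot distinguishes a stored setting that was never changed (`enabled`) from one that was changed but is not being applied (`mismatch`).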

