Hi
interesting, so the KLIPS not working will break windows VPN but not VPN
for linux boxen? i have a remote user using linux VPN and he's fine.
curious.
--jsl
Eric Spakman wrote:
Hello Julie,
Hi All,
I'm getting the following behavior on bering 2.3. I just rebooted my
firewall (which was working beautifully) and now I'm having problems with
my windows VPN. Here's what I get.....
Pinging xxxx [192.168.0.13] with 32 bytes of data:
Negotiating IP Security.
Negotiating IP Security.
Negotiating IP Security.
Negotiating IP Security.
Ping statistics for 192.168.0.13:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\Documents and Settings\Julie S. Lin>ping xxxx
Pinging buzz [192.168.0.13] with 32 bytes of data:
Reply from 192.168.0.13: bytes=32 time=20ms TTL=63
Reply from 192.168.0.13: bytes=32 time=20ms TTL=63
Request timed out.
Request timed out.
When I did restart the ipsec, I saw that it was complaining about KLIPS
ipsec_setup: Using /lib/modules/ipsec.o
ipsec_setup: WARNING: eth0 has route filtering turned on, KLIPS may not
work ipsec_setup: (/proc/sys/net/ipv4/conf/eth0/rp_filter = `1', should be
0)
so I did echo 0 > /proc/sys/net/ipv4/conf/ipsec0/rp_filter (since it's
recommended both are set to 0) echo 0 >
/proc/sys/net/ipv4/conf/eth0/rp_filter
I'm planning on checking this at home tonight, however, I'm just curious
if anyone has seen this kind of behavior before, and if it is indicative of
a semi-functioning KLIPS? It's odd since ipsec barf shows the tunnel
established. Any info or comments/feedback would be greatly appreciated.
If rp_filter is enabled you will see this behavior, AFAIK most of the
times it's harmless. But you can disable rp_filter in:
lrcfg -> 1) network configuration -> 2) network options file
and set spoofprotect=no
After that backup etc.lrp
--jsl
Eric
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log
files for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
