> > > >I believe this is your problem. > > Yeah, that seemed the most obvious reason to me too but I have turned this > off both ways and it does not fix the problem. I do recall seeing a similar > message displayed with a subnet-to-subnet tunnel that I ran between two > Dachstein boxes and it did work, so I think this error message may be a > hangover from the way Shorewall enables the connection.
When you understand what the rp_filter options means, it bcomes easier to say whether or not it will effect your setup. In general, if you are using %defaultroute as the interface, it will likely not hurt if it is turned on. This is because the rp_filter option tells the kernel _not_ to accept packets from a given source address on a given interface if it would not use that interface to send a packet back to that source address. e.g. you have an interface directly connected to the 192.168.2.0/24 network, and receive a tunneled packet from an address on the 192.168.1.0/24 net. If the option is turned off properly, you will not get the error message from freeswan. Also, I just realized that I forgot to put "backup and reboot" after changing the /etc/network/options file. If you are unable to get it working after that measure, follow this link to enable debugging on the Windows side. There don't seem to be any more problems on the freeswan side. http://www.ntfaq.com/Articles/Index.cfm?ArticleID=15321 Thanks, Chad Carr ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
