https://bugs.contribs.org/show_bug.cgi?id=10661
Bug ID: 10661
Summary: New file to adjust redirects in /etc/sysctl.d
Classification: Contribs
Product: SME Contribs
Version: 9.2
Hardware: ---
OS: ---
Status: CONFIRMED
Severity: normal
Priority: P3
Component: smeserver-libreswan
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
Target Milestone: ---
Just looking around the server and noticed the following
/etc/sysctl.d/50-libreswan.conf
# when using 1 interface for two networks when using NETKEY, the kernel
# thinks it can be clever by sending a redirect (cause it cannot tell
# an encrypted packet came in, but a decrypted packet came out),
# so it sends a bogus ICMP redirect
#
# We disable redirects for XFRM/IPsec
net.ipv6.conf.default.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
These settings are normally set in ipsec-update so I need to go figure if I
need to update the script.
It may also require templating this file to enable redirects (the default) if
libreswan is disabled.
--
You are receiving this mail because:
You are the QA Contact for the bug._______________________________________________
Mail for each SME Contribs bug report
To unsubscribe, e-mail [email protected]
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
