Kevin VPN <kvpn@...> writes:

>
> On 02/26/2012 12:58 AM, David G. Miller wrote:
> > Hi List -
> >
> > I'm looking into whether there is a way to get the Shrew Soft VPN client
> > working with Red Hat Enterprise Linux 6.X (or clones such as Scientific
> > Linux or CentOS).
SNIP
> >
> > Has anyone looked into building a statically linked version of iked (the
> > other pieces appear to work) under Fedora? Anyone succeed?
> >
>
> Hi Dave, does this post help?
>
> http://lists.shrew.net/pipermail/vpn-help/2008-November/000950.html
>

Hi Kevin -

I had run across that particular article in my searches. I checked net.ipv4.conf.all.rp_filter and it was already set to zero. After posting my request, above, I went back to searching plus building and installing 2.1.7 both from the archive here and from the FC16 source rpm. I also tried the 2.2.0 beta but always got the same result.

Since nothing worked I came back to the article and started setting other rp_filter values to zero. I finally got a working solution by setting net.ipv4.conf.eth0.rp_filter to zero.

Unfortunately, this opens a significant security hole. I can make attacking the vulnerability more difficult by setting up my firewall to only allow packets going to the VPN port from my VPN server. This doesn't stop someone from forging the source IP address.

Any other suggestions would be appreciated. The goal is to have the VPN client on the Internet-facing EL6 box that also serves as my router and have multiple boxes within my local network be able to connect to the VPN through a single client.

Thanks,
Dave
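
Added example, not part of the original message: the kernel validates sources on an interface using the higher of conf/all/rp_filter and conf/<iface>/rp_filter, so a zero in conf.all alone leaves an interface set to 1 in strict mode. This script reports the effective mode per interface; CONF_ROOT and the function names are this example's own, and the override exists only so the logic can be run against a constructed directory tree.

```shell
#!/bin/sh
# Added example: report the effective rp_filter mode for each interface.
# The kernel applies max(conf/all/rp_filter, conf/<iface>/rp_filter).
# CONF_ROOT is an assumption of this example; it defaults to the live sysctl tree.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

read_rp() {
    # Print the configured rp_filter value for one conf entry; fail if unreadable.
    f="$CONF_ROOT/$1/rp_filter"
    [ -r "$f" ] || return 1
    tr -d '[:space:]' < "$f"
}

effective_rp_filter() {
    # Effective value for interface $1: the larger of "all" and the interface.
    all=$(read_rp all) || return 1
    ifv=$(read_rp "$1") || return 1
    if [ "$all" -gt "$ifv" ]; then echo "$all"; else echo "$ifv"; fi
}

rp_mode_name() {
    # 0 = no source validation, 1 = strict reverse path, 2 = loose reverse path.
    case "$1" in
        0) echo "off" ;;
        1) echo "strict" ;;
        2) echo "loose" ;;
        *) echo "unknown" ;;
    esac
}

report_rp_filter() {
    # One line per interface, skipping the "all" and "default" pseudo-entries.
    for d in "$CONF_ROOT"/*/; do
        iface=$(basename "$d")
        case "$iface" in all|default) continue ;; esac
        eff=$(effective_rp_filter "$iface") || continue
        printf '%s: configured=%s effective=%s (%s)\n' \
            "$iface" "$(read_rp "$iface")" "$eff" "$(rp_mode_name "$eff")"
    done
}

report_rp_filter
```
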
