ike needs rp_filter=0 to get it working

Bug #465736 reported by Peter Meiser
This bug affects 6 people
Affects: ike (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned

Bug Description

Binary package hint: ike

According to http://lists.shrew.net/mailman/htdig/vpn-help/2008-November/001827.html, the VPN connection only works correctly if rp_filter is set to 0 (which I verified here).
In karmic, it's set to 1 in /etc/sysctl.d/10-network-security.conf.

Perhaps the package could ship a config file to set rp_filter to 0. The content should be:
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0

Mike Miller (launchpad-mikeage) wrote :

I'm having the same issue with my OpenVPN setup, although in my case, if I set all/rp_filter to 0, and then reset it to one, it works [so long as my tun0 device is set to 0].

Terence Kent (terencekent) wrote :

I ran into the same problem trying to set up the shrewsoft VPN client for the Linux boxes at our office. Since the shrewsoft client isn't as popular as vpnc, it took quite a bit of googling to find the solution. Would be nice to see this package fixed soon, especially since vpnc has a phase 2 re-keying issue that causes our clients to drop the connection every few hours (http://www.gossamer-threads.com/lists/vpnc/devel/3246).

(some breadcrumbs for any other folks googling for this solution)
* Read this bug description if you are running into the following problems *
--
Ubuntu shrewsoft client connects but no traffic goes over the tunnel
Ubuntu shrewsoft client connects, can ping VPN gateway but no systems over the tunnel
Ubuntu shrewsoft client says 'tunnel enabled' but cannot ping VPN hosts
--

Carlos Perelló Marín (carlos) wrote :

The only rp_filter that needs to be changed is the one for the physical device that is used to reach the VPN server; for instance, on my laptop it is wlan0. I didn't have to change anything else.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in ike (Ubuntu):
status: New → Confirmed
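
The comments above change rp_filter at different levels (all, default, a single interface). The following is an added example, not part of the bug report or the ike package: it reports the value the kernel actually applies per interface, using the rule from the kernel's ip-sysctl documentation that the maximum of conf/all/rp_filter and conf/<interface>/rp_filter is used. The function names and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report the effective rp_filter mode per interface.
# Rule (kernel ip-sysctl documentation): the value used for source validation
# on an interface is max(conf/all/rp_filter, conf/<iface>/rp_filter).
# 0 = no source validation, 1 = strict (RFC 3704), 2 = loose.

# effective_rp_filter CONF_DIR IFACE -> prints the effective value
effective_rp_filter() {
    conf_dir=$1
    iface=$2
    all=$(cat "$conf_dir/all/rp_filter")
    own=$(cat "$conf_dir/$iface/rp_filter")
    if [ "$own" -gt "$all" ]; then echo "$own"; else echo "$all"; fi
}

# rp_filter_report [CONF_DIR] -> one line per real interface
rp_filter_report() {
    conf_dir=${1:-/proc/sys/net/ipv4/conf}
    for path in "$conf_dir"/*/rp_filter; do
        [ -e "$path" ] || continue
        iface=$(basename "$(dirname "$path")")
        # "all" and "default" are templates, not interfaces
        case $iface in all|default) continue ;; esac
        eff=$(effective_rp_filter "$conf_dir" "$iface")
        case $eff in
            0) mode=off ;;
            1) mode=strict ;;
            2) mode=loose ;;
            *) mode=unknown ;;
        esac
        echo "$iface own=$(cat "$path") all=$(cat "$conf_dir/all/rp_filter") effective=$eff mode=$mode"
    done
}

# make_sample_conf DIR: constructed sample tree mirroring /proc/sys/net/ipv4/conf
# (values are made up for the example, not taken from any reporter's system)
make_sample_conf() {
    for entry in all:1 default:1 wlan0:0 tun0:0 eth0:2; do
        mkdir -p "$1/${entry%%:*}"
        echo "${entry##*:}" > "$1/${entry%%:*}/rp_filter"
    done
}
```

Calling `rp_filter_report` with no argument reads the live values under /proc/sys/net/ipv4/conf; passing a directory created by `make_sample_conf` runs it on the constructed sample.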