While configuring a VPN client with xl2tpd and Openswan, the ipsec verify command threw the following error:
Disable /proc/sys/net/ipv4/conf/*/send_redirects or NETKEY will act on or cause sending of bogus ICMP redirects!
To fix this we need to disable send_redirects and save changes in /etc/sysctl.conf so they will be permanent across reboots. Here is how:
Disable send_redirects and accept_redirects:
    # Disable send redirects
    echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
    echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
    echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects
    echo 0 > /proc/sys/net/ipv4/conf/lo/send_redirects

    # Disable accept redirects
    echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
    echo 0 > /proc/sys/net/ipv4/conf/default/accept_redirects
    echo 0 > /proc/sys/net/ipv4/conf/eth0/accept_redirects
    echo 0 > /proc/sys/net/ipv4/conf/lo/accept_redirects
To make the change persist across reboots, place the lines below in your /etc/sysctl.conf:
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.all.send_redirects = 0
    net.ipv4.conf.eth0.accept_redirects = 0
    net.ipv4.conf.eth0.send_redirects = 0
    net.ipv4.conf.default.accept_redirects = 0
    net.ipv4.conf.default.send_redirects = 0
    net.ipv4.conf.lo.accept_redirects = 0
    net.ipv4.conf.lo.send_redirects = 0
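The error refers to conf/*/, while the commands above name only eth0 and lo, so a host with other interfaces can still fail the check. The script below is an added example, not part of the original post: it walks every interface directory, reports each redirect setting that is not 0, and prints the matching sysctl.conf lines. The function names and the optional directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: check the redirect settings of every interface, not only eth0 and lo.
# The optional directory argument exists so the functions can be exercised on a
# constructed tree; without it they read the live /proc/sys/net/ipv4/conf.

# Print "<iface> <key> <value>" for each redirect setting that is not 0.
audit_redirects() {
    root="${1:-/proc/sys/net/ipv4/conf}"
    for dir in "$root"/*; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        for key in send_redirects accept_redirects; do
            [ -r "$dir/$key" ] || continue
            val=$(cat "$dir/$key" 2>/dev/null) || continue
            [ "$val" = "0" ] || echo "$iface $key $val"
        done
    done
}

# Turn each finding into a sysctl.conf line in the dotted form used above.
# In a dotted key, a dot inside an interface name (e.g. eth0.100) is written "/".
sysctl_lines() {
    audit_redirects "${1:-}" | while read -r iface key _val; do
        name=$(printf '%s' "$iface" | tr . /)
        echo "net.ipv4.conf.$name.$key = 0"
    done
}

# Read-only report for the host this runs on.
audit_redirects
```

Run it again after applying the settings; no output means every interface reports 0 for both keys.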