Enterprise Linux Log

Dec 10 2007   12:31AM GMT

It’s 10 o’clock. Did you remember to turn packet forwarding on?


So I am on a VPN kick lately; I wonder if it shows? I spent the last week setting up and tweaking Openswan on an Ubuntu box in order to allow me to connect to my home network with my MacBook Pro. I finally got it working — you can see some of the fun gotchas you might run into when using Leopard to connect to Openswan at my own blog — but I could not actually see anything on my home network. Well, it turns out I seem to be a special case. (My wife is insisting that I add the prefix “head” to case.) My VPN box was never previously a part of my home network topology. It was a DNS and DHCP server, but it played no role in packet switching or forwarding. I guess most people install VPN software on a Linux box that is already a router of some sort. Thus the kernel did not have packet forwarding turned on, and the VPN server was not forwarding packets to the rest of the network.

To turn packet forwarding on, simply issue this command:

echo "1" > /proc/sys/net/ipv4/ip_forward

After you do this, the packets will flow! Of course, I would have known about this a lot sooner if I had used the “ipsec verify” command. This command will check your system to see if it is properly configured to run Openswan and tell you what you need to do in order to get it into a ready state.
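Writing to /proc changes only the running kernel, so the setting is lost at reboot unless net.ipv4.ip_forward is also set in a sysctl configuration file. The script below is an added example, not part of the original post: it compares the runtime value with the configured one. The function names are hypothetical, and "last assignment in the files given wins" is a simplifying assumption about load order.

```shell
#!/bin/sh
# Added example: audit IPv4 forwarding, runtime value vs. persistent config.
# PROC_FILE may be overridden (assumption: the default path from the post).
PROC_FILE="${PROC_FILE:-/proc/sys/net/ipv4/ip_forward}"

# runtime_forwarding FILE -> prints the kernel's current value, or "unknown"
runtime_forwarding() {
    if [ -r "$1" ]; then
        tr -d ' \n' < "$1"
    else
        echo unknown
    fi
}

# persistent_forwarding FILE... -> last uncommented assignment of
# net.ipv4.ip_forward found in the given files, or "unset".
# sysctl accepts both "." and "/" as key separators.
persistent_forwarding() {
    val=unset
    for f in "$@"; do
        [ -r "$f" ] || continue
        v=$(sed -n 's/^[[:space:]]*net[./]ipv4[./]ip_forward[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$f" | tail -n 1)
        if [ -n "$v" ]; then val=$v; fi
    done
    echo "$val"
}

# forwarding_status PROC_FILE CONF_FILE... -> one of:
#   ok              on now and configured to stay on
#   runtime-only    on now, but will be off after a reboot
#   persistent-only configured, but not applied to the running kernel
#   off             forwarding disabled
#   unknown         runtime value could not be read
forwarding_status() {
    rt=$(runtime_forwarding "$1"); shift
    cf=$(persistent_forwarding "$@")
    case "$rt:$cf" in
        unknown:*) echo unknown ;;
        1:1)       echo ok ;;
        1:*)       echo runtime-only ;;
        0:1)       echo persistent-only ;;
        *)         echo off ;;
    esac
}

# Report for this host; unmatched globs are skipped as unreadable files.
forwarding_status "$PROC_FILE" /etc/sysctl.conf /etc/sysctl.d/*.conf
```

A result of runtime-only is the state the echo command in this post leaves the box in. Because forwarding turns the VPN host into a router for every interface, it is also worth reviewing the firewall's forwarding rules once it is on.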

Hope this helps!
