当我尝试安装L2TP时出现错误。任何可以帮助我..解决此问题的方法

8 
root@t-Aspire-5742:/# sudo ipsec verify

Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]

Linux Openswan U2.6.37/K3.5.0-42-generic (netkey)
Checking for IPsec support in kernel                            [OK]

 SAref kernel support                                           [N/A]

 NETKEY:  Testing XFRM related proc values                      [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/send_redirects
  or NETKEY will cause the sending of bogus ICMP redirects! [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
  or NETKEY will accept bogus ICMP redirects                    [OK]

Checking that pluto is running                                  [OK]

 Pluto listening for IKE on udp 500                             [OK]

 Pluto listening for NAT-T on udp 4500                          [OK]

Two or more interfaces found, checking IP forwarding            [FAILED]

Checking for 'ip' command                                       [OK]

Checking /bin/sh is not /bin/dash                               [WARNING]

Checking for 'iptables' command                                 [OK]

Opportunistic Encryption Support                                [DISABLED]
server  kernel  internet  ppp  openswan 
帕尼
source

Answers:

13

您需要禁用发送和接受:

# Disable send redirects
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/lo/send_redirects

# Disable accept redirects
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
echo 0 > /proc/sys/net/ipv4/conf/default/accept_redirects
echo 0 > /proc/sys/net/ipv4/conf/eth0/accept_redirects
echo 0 > /proc/sys/net/ipv4/conf/lo/accept_redirects

要使其在重新启动时永久存在,请在sysctl.conf中放置以下行

net.ipv4.conf.all.accept_redirects = 0 
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0 
net.ipv4.conf.eth0.send_redirects = 0
net.ipv4.conf.default.accept_redirects = 0 
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0 
net.ipv4.conf.lo.send_redirects = 0
万能钥匙
source
0

请规范/ proc / sys / net / ipv4 / conf / ...文件,即使对于root用户也是只读的。您应该使用VPN配置禁用它。例如,在OpenSwan中,您应该执行以下操作:

Prompt> sudo vi /etc/sysctl.conf
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0

您也可以使用 

sudo sysctl stuff.you.want.to.change=newValue

如注释所建议,以避免重新启动

莫西·卡普兰
source
从技术上讲,这是不正确的,您只是不直接写入这些文件。您使用sudo sysctl stuff.you.want.to.change=newValue。要使更改保持不变,您需要编辑/etc/sysctl.conf
颚theshark
但这是我写的同一件事。什么是差异?
Moshe Kaplan
坚持不懈。如果更改配置文件,则不会实时更改内核值。您需要重启。如果您使用sysctl它,则实时更改值,就像您对(只读)文件具有写访问权一样。
颚theshark
@jawtheshark,您是正确的
Moshe Kaplan,
By using our site, you acknowledge that you have read and understand our Cookie Policy and Privacy Policy.
Licensed under cc by-sa 3.0 with attribution required.