File: libreswan-sysctl.conf

package info (click to toggle)
libreswan 5.2-2.3
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 81,644 kB
  • sloc: ansic: 129,988; sh: 32,018; xml: 20,646; python: 10,303; makefile: 3,022; javascript: 1,506; sed: 574; yacc: 511; perl: 264; awk: 52
file content (12 lines) | stat: -rw-r--r-- 525 bytes parent folder | download | duplicates (10) 
1
2
3
4
5
6
7
8
9
10
11
12
 
# when using 1 interface for two networks when using NETKEY, the kernel
# thinks it can be clever by sending a redirect (cause it cannot tell
# an encrypted packet came in, but a decrypted packet came out),
# so it sends a bogus ICMP redirect
#
# We disable redirects for XFRM/IPsec
net.ipv6.conf.default.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0