[vpn-help] racoon & ike: Missing the last tiny bit ... [solved!]
cperz at gmx.net
Sun Mar 21 17:07:22 CDT 2010
this was it! Exactly the missing link :))
I went into it a bit more and found out that having it working depends
on two settings:
You can set that at runtime. If you want to configure it on system boot,
add a file /etc/sysctl.d/60-network-security.conf or edit
/etc/sysctl.conf, enabling these three lines
Obviously, its a bit static - so putting it into a wrapper script and
handle the device having the default route would be the most flexible
Matthew Grooms wrote:
> On 3/19/2010 9:01 AM, Clemens Perz wrote:
>> Hmm, but it is not the best solution. Because now all connections inside
>> the vpn are originating from my internal eth0 ip address, which might
>> change when I move between DHCP driven networks.
>> Will need to get back to tap then. It seems, that packages make it to
>> the kernel, but somehow do not arrive at the tap device. Does that make
>> sense to someone? Which screw I have to turn to make it work?
> Please have a look at this post.
More information about the vpn-help