When using StrongSwan as an IPSEC S2S VPN Gateway, ICMP redirects are being sent to machines behind the right side. I have added the following lines to /etc/sysctl.conf:

    net.ipv4.conf.all.accept_redirects=0
    net.ipv4.conf.all.secure_redirects=0
    net.ipv4.conf.all.send_redirects=0

However, after syncing with sysctl -p I still see redirection:

    [root@tunnels ~]# sysctl -p
    net.ipv4.ip_forward = 1
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.all.secure_redirects = 0
    net.ipv4.conf.all.send_redirects = 0
    [root@tunnels ~]# cat /proc/sys/net/ipv4/conf/eno16777984/send_redirects
    1

What is the proper way to disable all send_redirects and keep it persistent across reboots?

1 Answer

It looks like net.ipv4.conf.eno16777984 and net.ipv4.conf.all are being tracked by the kernel separately.

    [user@host sysctl.d]$ sudo cat /etc/sysctl.conf
    # sysctl settings are defined through files in
    # /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
    #
    # Vendors settings live in /usr/lib/sysctl.d/.
    # To override a whole file, create a new file with the same in
    # /etc/sysctl.d/ and put new settings there. To override
    # only specific settings, add a file with a lexically later
    # name in /etc/sysctl.d/ and put new settings there.
    #
    # For more information, see sysctl.conf(5) and sysctl.d(5).
    net.ipv4.ip_forward = 1
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.all.send_redirects = 0
    [user@host sysctl.d]$ sudo cat /proc/sys/net/ipv4/conf/all/send_redirects
    0
    [user@host sysctl.d]$ sudo cat /proc/sys/net/ipv4/conf/eth0/send_redirects
    1

I'm not sure if the "all" setting overrides the settings found in each eth0 etc. If push comes to shove, you could add a net.ipv4.conf.<eth#> line for each of your network interfaces.
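
Added example, not part of the question or the answer above: the kernel's ip-sysctl documentation says send_redirects is active on an interface when at least one of conf/all or conf/<interface> is set, so `all = 0` alone leaves an interface that still reads 1 sending redirects. The script below audits that effective value and prints sysctl.d lines covering `all`, `default` (inherited by interfaces created later) and every existing interface. `CONF_ROOT` and the drop-in file name `90-no-redirects.conf` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit and persistently disable ICMP redirect sending.
# CONF_ROOT is a hypothetical override so the logic can be run against a
# constructed directory tree instead of the live /proc.
CONF_ROOT=${CONF_ROOT:-/proc/sys/net/ipv4/conf}

# Print 1 if the kernel would send redirects on interface $1, else 0.
# The effective value is conf/all OR conf/<interface>.
effective_send_redirects() {
    all=$(cat "$CONF_ROOT/all/send_redirects")
    own=$(cat "$CONF_ROOT/$1/send_redirects")
    if [ "$all" = 1 ] || [ "$own" = 1 ]; then echo 1; else echo 0; fi
}

# List the interfaces on which redirects would still be sent.
audit_send_redirects() {
    for dir in "$CONF_ROOT"/*/; do
        name=$(basename "$dir")
        case $name in all|default) continue ;; esac
        [ "$(effective_send_redirects "$name")" = 1 ] && echo "$name"
    done
    return 0
}

# Print sysctl.d lines that zero send_redirects for all, default and every
# existing interface. A dot inside an interface name (eth0.100) is written
# as a slash, which is how dotted sysctl keys escape it.
emit_dropin() {
    for dir in "$CONF_ROOT"/*/; do
        name=$(basename "$dir" | tr . /)
        echo "net.ipv4.conf.$name.send_redirects = 0"
    done
}

# Usage (file name is an example):
#   ./redirects.sh audit
#   ./redirects.sh emit > /etc/sysctl.d/90-no-redirects.conf && sysctl --system
case "${1:-}" in
    audit) audit_send_redirects ;;
    emit)  emit_dropin ;;
esac
```

After applying the drop-in, `audit` should print nothing; any interface it still lists is one whose own send_redirects value is 1.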
