Hi,
I have Zentyal 3.2 host. Internet connection is pppoe with dynamic IP
Configured IPsec V2TP VPN server
root@gw:/# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.37/K3.8.0-34-generic (netkey)
Checking for IPsec support in kernel [OK]
SAref kernel support [N/A]
NETKEY: Testing XFRM related proc values [FAILED]
Please disable /proc/sys/net/ipv4/conf/*/send_redirects
or NETKEY will cause the sending of bogus ICMP redirects!
[FAILED]
Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
or NETKEY will accept bogus ICMP redirects!
[OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for NAT-T on udp 4500 [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing [OK]
Checking for 'ip' command [OK]
Checking /bin/sh is not /bin/dash [WARNING]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
errors fixed by adding in /etc/sysctl.conf
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0
Jan 16 07:43:24 gw ipsec_setup: Starting Openswan IPsec U2.6.37/K3.8.0-34-generic...
Jan 16 07:43:24 gw ipsec_setup: Using NETKEY(XFRM) stack
Jan 16 07:43:24 gw kernel: [290542.524020] Initializing XFRM netlink socket
Jan 16 07:43:24 gw ipsec_setup: ...Openswan IPsec started
Jan 16 07:43:24 gw pluto: adjusting ipsec.d to /etc/ipsec.d
Jan 16 07:43:24 gw ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Jan 16 07:43:25 gw ipsec__plutorun: 002 added connection description "vpn"
Jan 16 07:43:25 gw ipsec__plutorun: 025 "vpn": cannot route template policy of PSK+ENCRYPT+TUNNEL+DONTREKEY+IKEv2ALLOW+SAREFTRACK
Jan 16 07:43:25 gw ipsec__plutorun: 025 "vpn": could not route
Jan 16 07:43:25 gw ipsec__plutorun: 029 "vpn": cannot initiate connection without knowing peer IP address (kind=CK_TEMPLATE)
fix: ipsec.conf.mas
#auto=start
auto=add
Now VPN works, but after restart ppp0 VPN server will not work.
After save ipsec module it works. Any workaround for this?