When using StrongSwan as an IPSEC S2S VPN Gateway, ICMP redirects are being sent to machines behind the right side. I have added the following lines to /etc/sysctl.conf:
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.all.secure_redirects=0
net.ipv4.conf.all.send_redirects=0
However, after syncing with sysctl -p I still see redirection:
[root@tunnels ~]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.all.send_redirects = 0
[root@tunnels ~]# cat /proc/sys/net/ipv4/conf/eno16777984/send_redirects
1
What is the proper way to disable all send_redirects and keep it persistent across reboots?
Best Answer
It looks like net.ipv4.conf.eno16777894 and net.ipv4.conf.all are being tracked by the kernel separately. I'm not sure if the "all" setting overrides the settings found in each eth0 etc. If push comes to shove, you could add a net.ipv4.conf.<eth#> line for each of your network interfaces.
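
For send_redirects the kernel sends redirects on an interface when either conf/all or that interface's own value is 1, which matches the output in the question (all at 0, the interface still at 1). The script below is an added example, not part of the original answer: it generates the per-interface lines the answer suggests, including "default" for interfaces created later, and lists interfaces that would still send redirects. The conf-root argument and the drop-in file name in the usage comment are assumptions of this example.

```shell
#!/bin/sh
# Added example. The default root is the real procfs path; the argument
# exists so the functions can be pointed at a test directory.
# Usage as root (file name is an assumption):
#   gen_send_redirects_conf > /etc/sysctl.d/90-no-redirects.conf
#   sysctl --system && redirect_senders

# Print sysctl.d lines that set send_redirects=0 for every entry under
# conf/ (all, default, and each interface present right now).
gen_send_redirects_conf() {
    conf_root="${1:-/proc/sys/net/ipv4/conf}"
    for f in "$conf_root"/*/send_redirects; do
        [ -e "$f" ] || continue
        name=$(basename "$(dirname "$f")")
        # Slash-separated keys keep dotted names such as eth0.10 intact.
        printf 'net/ipv4/conf/%s/send_redirects = 0\n' "$name"
    done
}

# Print interfaces that would still send redirects: the effective value
# is conf/all OR the per-interface value.
redirect_senders() {
    conf_root="${1:-/proc/sys/net/ipv4/conf}"
    all=$(cat "$conf_root/all/send_redirects" 2>/dev/null || echo 0)
    for f in "$conf_root"/*/send_redirects; do
        [ -e "$f" ] || continue
        name=$(basename "$(dirname "$f")")
        case "$name" in all|default) continue ;; esac
        own=$(cat "$f")
        if [ "$all" = 1 ] || [ "$own" = 1 ]; then
            printf '%s\n' "$name"
        fi
    done
}
```

An empty result from redirect_senders after applying the generated file means no interface is left with redirects enabled.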