<html><head></head><body><div style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:13px;"><div>Hi all:</div><div><br></div><div>I shifted laptops a few months back after a Video card failure and mirrored everything over.</div><div>I've just today set aside some time to get my IPsec stuff up and running and ma having a few problems.</div><div><br></div><div>Version:</div><div><span><div>jserinki7 /usr/src/linux # ipsec --version</div><div>Linux Libreswan 3.23 (netkey) on 4.15.5-gentoo</div><div><br></div></span><br></div><div>I can't get past ipsec verify:</div><div><span><div>jserinki7 /usr/src/linux # ipsec verify</div><div>Verifying installed system and configuration files</div><div><br></div><div>Version check and ipsec on-path <span style="white-space: pre-wrap;"> </span>[OK]</div><div>Libreswan 3.23 (netkey) on 4.15.5-gentoo</div><div>Checking for IPsec support in kernel <span style="white-space: pre-wrap;"> </span>[OK]</div><div> NETKEY: Testing XFRM related proc values</div><div> ICMP default/send_redirects <span style="white-space: pre-wrap;"> </span>[OK]</div><div> ICMP default/accept_redirects <span style="white-space: pre-wrap;"> </span>[OK]</div><div> XFRM larval drop <span style="white-space: pre-wrap;"> </span>[OK]</div><div>Pluto ipsec.conf syntax <span style="white-space: pre-wrap;"> </span>[OK]</div><div>Two or more interfaces found, checking IP forwarding<span style="white-space: pre-wrap;"> </span>[OK]</div><div>Checking rp_filter <span style="white-space: pre-wrap;"> </span>[ENABLED]</div><div> /proc/sys/net/ipv4/conf/all/rp_filter <span style="white-space: pre-wrap;"> </span>[ENABLED]</div><div> /proc/sys/net/ipv4/conf/default/rp_filter <span style="white-space: pre-wrap;"> </span>[ENABLED]</div><div> /proc/sys/net/ipv4/conf/erspan0/rp_filter <span style="white-space: pre-wrap;"> </span>[ENABLED]</div><div> /proc/sys/net/ipv4/conf/gre0/rp_filter <span style="white-space: pre-wrap;"> </span>[ENABLED]</div><div> /proc/sys/net/ipv4/conf/gretap0/rp_filter <span style="white-space: pre-wrap;"> </span>[ENABLED]</div><div> /proc/sys/net/ipv4/conf/ip_vti0/rp_filter <span style="white-space: pre-wrap;"> </span>[ENABLED]</div><div> rp_filter is not fully aware of IPsec and should be disabled</div><div>Checking that pluto is running <span style="white-space: pre-wrap;"> </span>[FAILED]</div><div>Checking 'ip' command <span style="white-space: pre-wrap;"> </span>[OK]</div><div>Checking 'iptables' command <span style="white-space: pre-wrap;"> </span>[OK]</div><div>Checking 'prelink' command does not interfere with FIPS<span style="white-space: pre-wrap;"> </span>[OK]</div><div>Checking for obsolete ipsec.conf options <span style="white-space: pre-wrap;"> </span>[OBSOLETE KEYWORD]</div><div>Traceback (most recent call last):</div><div> File "/usr/libexec/ipsec/verify", line 426, in <module></div><div> main()</div><div> File "/usr/libexec/ipsec/verify", line 417, in main</div><div> configsetupcheck()</div><div> File "/usr/libexec/ipsec/verify", line 398, in configsetupcheck</div><div> err = err.replace("Warning"," Warning")</div><div>TypeError: a bytes-like object is required, not 'str'</div><div><br></div></span>So, I get to the OBSOLETE keywords warning and then the verify script burps.</div><div><br></div><div>Any tips on getting verify to complete?</div><div><br></div><div>Cheers,</div><div>john</div></div></body></html>