Hi all:
We are using GRE over IPSec to a Cisco IOS router using a crypto map on the Cisco. We bring up IPSec first and then the GRE after the IPSec is up and the GRE is "inside" the IPSec tunnel.
Strongswan on the RUT-950 always initiates the tunnels.
What happens, about 20% of the time, is the IPSec tunnel comes up (100% reliable) but the GRE tunnel does not, hence no connectivity.
So, I turned on GRE keepalives in the Cisco and to make this work on the RUT-950 boxes I did this:
echo 1 > /proc/sys/net/ipv4/conf/default/accept_local
echo 1 > /proc/sys/net/ipv4/conf/all/accept_local
Now the GRE tunnels come up every time all the time.
What are the security ramifications of enabling those accept_local flags?
Cheers,
John
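
For anyone auditing a box configured this way, the following is an added example (not part of the original post) that lists the interfaces on which accept_local is actually in effect. The kernel ORs conf/all/accept_local with each interface's own value, so writing 1 to "all" turns the flag on for every interface, not only the GRE tunnel. The interface names (eth0, gre1, wwan0) and the sample tree are constructed for illustration; on a real device pass /proc/sys/net/ipv4/conf as the argument.

```shell
#!/bin/sh
# Added example: show where accept_local is effectively enabled.
# conf/all is ORed with the per-interface value by the kernel;
# conf/default only seeds interfaces that are created later.

# effective_accept_local ROOT
#   ROOT is laid out like /proc/sys/net/ipv4/conf.
#   Prints "<iface> own" when the interface's own flag is 1,
#   "<iface> via-all" when only conf/all switches it on.
effective_accept_local() {
    root=$1
    all=$(cat "$root/all/accept_local" 2>/dev/null || echo 0)
    for dir in "$root"/*/; do
        iface=$(basename "$dir")
        case $iface in all|default) continue ;; esac
        own=$(cat "$dir/accept_local" 2>/dev/null || echo 0)
        if [ "$own" = 1 ]; then
            echo "$iface own"
        elif [ "$all" = 1 ]; then
            echo "$iface via-all"
        fi
    done
}

# make_sample_tree DIR
#   Constructed sample data: three hypothetical interfaces, with the
#   flag set only on the tunnel interface (the narrow configuration).
make_sample_tree() {
    for i in all default eth0 gre1 wwan0; do
        mkdir -p "$1/$i"
        echo 0 > "$1/$i/accept_local"
    done
    echo 1 > "$1/gre1/accept_local"
}

# Demo: narrow setting first, then the effect of writing 1 to "all".
demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir"
echo "per-interface only:"
effective_accept_local "$demo_dir"
echo 1 > "$demo_dir/all/accept_local"
echo "after setting all=1:"
effective_accept_local "$demo_dir"
rm -rf "$demo_dir"
```

Any line marked via-all is an interface that accepts packets carrying one of the box's own source addresses only because of the global setting.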