LinuxQuestions.org
Old 11-29-2005, 10:45 PM   #1
HaPagan
LQ Newbie
 
Registered: Mar 2005
Location: Greece
Distribution: Mandriva 2005LE
Posts: 21

Rep: Reputation: 15
IPsec : Problem with racoon


I am trying to set up a host-to-host IPsec connection with the aid of ipsec-tools and racoon in SUSE 10. I have edited setkey.conf, psk.txt and racoon.conf properly, but it seems that some addresses are already in use and I don't know how to free them. Have you any suggestions?

Below, you can see racoon's log!

Quote:
linux:/etc/racoon # racoon -F -f /etc/racoon/racoon.conf
Foreground mode.
2005-11-30 05:24:33: INFO: @(#)ipsec-tools 0.6 (http://ipsec-tools.sourceforge.net)
2005-11-30 05:24:33: INFO: @(#)This product linked OpenSSL 0.9.7g 11 Apr 2005 (http://www.openssl.org/)
2005-11-30 05:24:33: ERROR: failed to bind to address 127.0.0.1[500] (Address already in use).
2005-11-30 05:24:33: INFO: 192.168.0.2[500] used as isakmp port (fd=6)
2005-11-30 05:24:33: INFO: 10.0.0.21[500] used as isakmp port (fd=7)
2005-11-30 05:24:33: ERROR: failed to bind to address ::1[500] (Address already in use).
2005-11-30 05:24:33: INFO: fe80::20e:a6ff:fe75:50e5%eth0[500] used as isakmp port (fd=8)
2005-11-30 05:24:33: INFO: fe80::20b:dff:fe32:3a9c%bnep0[500] used as isakmp port (fd=9)
 
Old 11-30-2005, 01:23 AM   #2
HaPagan
LQ Newbie
 
Registered: Mar 2005
Location: Greece
Distribution: Mandriva 2005LE
Posts: 21

Original Poster
Rep: Reputation: 15
I managed to solve the above-mentioned problem, but now I am stuck in the initialization of phase 2!!!

Quote:
linux:/home/hapagan # racoon -F -f /etc/racoon/racoon.conf
Foreground mode.
2005-11-30 08:19:51: INFO: @(#)ipsec-tools 0.6 (http://ipsec-tools.sourceforge.net)
2005-11-30 08:19:51: INFO: @(#)This product linked OpenSSL 0.9.7g 11 Apr 2005 (http://www.openssl.org/)
2005-11-30 08:19:51: INFO: 10.0.0.21[500] used as isakmp port (fd=5)
2005-11-30 08:20:08: INFO: IPsec-SA request for 10.0.0.20 queued due to no phase1 found.
2005-11-30 08:20:08: INFO: initiate new phase 1 negotiation: 10.0.0.21[500]<=>10.0.0.20[500]
2005-11-30 08:20:08: INFO: begin Identity Protection mode.
2005-11-30 08:20:08: INFO: received Vendor ID: DPD
2005-11-30 08:20:08: INFO: ISAKMP-SA established 10.0.0.21[500]-10.0.0.20[500] spi:db0d99e789953f56:ed21661acb6a4456
2005-11-30 08:20:09: INFO: initiate new phase 2 negotiation: 10.0.0.21[0]<=>10.0.0.20[0]
2005-11-30 08:20:09: ERROR: no policy found for spid:65.
2005-11-30 08:20:09: ERROR: failed to get ID.
2005-11-30 08:20:09: ERROR: failed to start post getspi.
As far as I can understand, I have set something wrong in the sainfo part of racoon.conf. Any ideas?


Quote:
# Phase 1 (ISAKMP SA) settings, applied to any peer
remote anonymous {
    exchange_mode main;
    lifetime time 1 hour;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm md5;
        authentication_method pre_shared_key;
        dh_group 2;
    }
}

# Phase 2 (IPsec SA) settings, applied to any pair of identities
sainfo anonymous
{
    pfs_group 2;
    lifetime time 1 hour;
    encryption_algorithm 3des;
    authentication_algorithm hmac_md5;
    compression_algorithm deflate;
}
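
The racoon output in the two posts above can be triaged mechanically to see how far the negotiation got and which errors followed. The Python below is an added example, not code from the original posts or from ipsec-tools: the function name `triage` and the stage labels are assumptions, the sample lines are copied from the second post, and the "IPsec-SA established" pattern is racoon's success message, which does not appear in this thread. It assumes a single negotiation per log, as in the posted output.

```python
import re

# Log lines copied from the second post in this thread.
SAMPLE_LOG = """\
2005-11-30 08:19:51: INFO: 10.0.0.21[500] used as isakmp port (fd=5)
2005-11-30 08:20:08: INFO: initiate new phase 1 negotiation: 10.0.0.21[500]<=>10.0.0.20[500]
2005-11-30 08:20:08: INFO: ISAKMP-SA established 10.0.0.21[500]-10.0.0.20[500] spi:db0d99e789953f56:ed21661acb6a4456
2005-11-30 08:20:09: INFO: initiate new phase 2 negotiation: 10.0.0.21[0]<=>10.0.0.20[0]
2005-11-30 08:20:09: ERROR: no policy found for spid:65.
2005-11-30 08:20:09: ERROR: failed to get ID.
2005-11-30 08:20:09: ERROR: failed to start post getspi.
"""

LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d: ([A-Z]+): (.*)$")
# Milestones of an IKEv1 negotiation, in the order racoon logs them.
MILESTONES = [
    ("listening", re.compile(r"used as isakmp port")),
    ("phase1_started", re.compile(r"initiate new phase 1 negotiation")),
    ("phase1_established", re.compile(r"ISAKMP-SA established")),
    ("phase2_started", re.compile(r"initiate new phase 2 negotiation")),
    ("phase2_established", re.compile(r"IPsec-SA established")),
]
BIND_FAIL = re.compile(r"failed to bind to address (\S+)\[(\d+)\]")
SPID = re.compile(r"no policy found for spid:(\d+)")

def triage(log_text):
    """Report the last stage reached, the errors after it, bind failures and missing SPD ids."""
    result = {"last_stage": None, "errors_after": [], "bind_failures": [], "missing_spids": []}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banner lines such as "Foreground mode."
        level, msg = m.groups()
        if level == "INFO":
            for name, pat in MILESTONES:
                if pat.search(msg):
                    result["last_stage"] = name
                    result["errors_after"] = []  # earlier errors did not stop progress
        elif level == "ERROR":
            bind = BIND_FAIL.search(msg)
            if bind:  # listener problem, tracked separately from negotiation errors
                result["bind_failures"].append((bind.group(1), int(bind.group(2))))
                continue
            result["errors_after"].append(msg)
            result["missing_spids"].extend(int(s) for s in SPID.findall(msg))
    return result

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The SPD id reported in `missing_spids` can be compared with the `spid=` values that `setkey -DP` lists for the loaded policies.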
 
  


All times are GMT -5.