OpenSwan, racoon running on one box

karlson · 09-03-2008, 11:55 PM

Hello,

the problem: The box has 2 NIC's with 2 different IP addresses. I have racoon running in tunnel mode using IPsec (or at least i hope it is

) on eth0. When started - racoon listens on eth0 port 500. I configured OpenSwan to run on eth1 (Roadwarrior server) - unfortunately when started, openswan starts to listen on localhost, eth0 and eth1 ports 500, so racoon dies. When trying to restart racoon it says address already in use. I truly believe there is a way to forbid OpenSwan taking all 3 addresses. Both eth0 and eth1 has an external addresses

Any suggestions are welcome

my ipsec.conf

Code:

config setup
        
        nat_traversal=no
        nhelpers=0

        interfaces="ipsec0=eth1"
        klipsdebug=none
        plutodebug=none
   #    overridemtu=1410
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.1.0/24



# Add connections here

conn %default
    keyingtries=3
    compress=no
    disablearrivalcheck=no
    keyexchange=ike
    ikelifetime=240m
    keylife=60m

conn roadwarrior-net
    leftsubnet=192.168.1.0/24
    also=roadwarrior

conn roadwarrior-all
    leftsubnet=0.0.0.0/0
    also=roadwarrior

conn roadwarrior-l2tp
    leftprotoport=17/0
    rightprotoport=17/1701
    also=roadwarrior

conn roadwarrior-l2tp-updatedwin
    leftprotoport=17/1701
    rightprotoport=17/1701
    also=roadwarrior

conn roadwarrior
    authby=secret
    pfs=no
    type=tunnel
    left=my_eth1_ip
    right=%any
    rightsubnet=vhost:%no,%priv
    auto=add

# sample VPN connections, see /etc/ipsec.d/examples/

#Disable Opportunistic Encryption
include /etc/ipsec/ipsec.d/examples/no_oe.conf