racoon address bind failure

krishhX · 03-11-2010, 12:19 AM

I did not use below configuration in my racoon conf,
remote anonymous {
exchange_mode main;
lifetime time 1 hour;
proposal {
encryption_algorithm 3des;
hash_algorithm md5;
authentication_method pre_shared_key;
dh_group 2;
}
}

still I am able to work with this for sometime. Later I happened to see the problem "address already in use"..below are the logs

[root@testabn1 ~]# /usr/sbin/racoon -F
Foreground mode.
2010-03-11 05:04:49: INFO: @(#)ipsec-tools 0.6.5 (http://ipsec-tools.sourceforge.net)
2010-03-11 05:04:49: INFO: @(#)This product linked OpenSSL 0.9.8b 04 May 2006 (http://www.openssl.org/)
2010-03-11 05:04:49: ERROR: failed to bind to address 127.0.0.1[500] (Address already in use).
2010-03-11 05:04:49: ERROR: failed to bind to address 192.168.122.1[500] (Address already in use).
2010-03-11 05:04:49: ERROR: failed to bind to address 10.10.100.77[500] (Address already in use).
2010-03-11 05:04:49: ERROR: failed to bind to address 10.10.100.90[500] (Address already in use).
2010-03-11 05:04:49: ERROR: failed to bind to address ::1[500] (Address already in use).
2010-03-11 05:04:49: ERROR: failed to bind to address fe80::fcff:ffff:feff:ffff%peth0[500] (Address already in use).
2010-03-11 05:04:49: ERROR: failed to bind to address fe80::200:ff:fe00:0%virbr0[500] (Address already in use).
2010-03-11 05:04:49: ERROR: failed to bind to address fe80::fcff:ffff:feff:ffff%vif0.0[500] (Address already in use).
2010-03-11 05:04:49: ERROR: failed to bind to address fe80::214:c2ff:fe58:ff62%eth0[500] (Address already in use).
2010-03-11 05:04:49: ERROR: failed to bind to address fe80::200:ff:fe00:0%xenbr0[500] (Address already in use).
2010-03-11 05:04:49: ERROR: no address could be bound.
You have new mail in /var/spool/mail/root
[root@testabn1 ~]# /etc/racoon/

As of now I did not find any solution to solve above problem. Can any one please provide the fix for this?

Thanks and regards,

NOTE FROM MODERATOR: krishhX, I've pruned your post from where you originally posted. In the future, please check the dates on threads which you're thinking about posting in. If you see they are dead (inactive for a few months or more) just let them rest in peace and start your own thread. You can always include links to reference the dead thread if you need to, as I've done here. Good luck. --win32sux

krishhX · 03-22-2010, 06:12 AM

i solved the problem by running below config file, it should be running before starting racoon [ipsec on linux m/c]
file name can be like "setkey.conf". it flushes out all the previous configuration.

#!/sbin/setkey -f
flush;
spdflush;

# AH
add 10.10.4.30 10.10.100.77 ah 15700 -A hmac-md5 "1234567890123456";
add 10.10.100.77 10.10.4.30 ah 24500 -A hmac-md5 "1234567890123456";

# ESP
add 10.10.4.30 10.10.100.77 esp 15701 -E 3des-cbc "123456789012123456789012";
add 10.10.100.77 10.10.4.30 esp 24501 -E 3des-cbc "123456789012123456789012";
# Security policies
spdadd 10.10.4.30 10.10.100.77 any -P in ipsec
esp/transport//require
ah/transport//require;
spdadd 10.10.100.77 10.10.4.30 any -P out ipsec
esp/transport//require
ah/transport//require;

its working fine, but SA-IPSEC is not staying for long time? i have to solve this too...