Racoon 0.7 fails with address already in use
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
ipsec-tools (Debian) | Fix Released | Unknown | |
ipsec-tools (Fedora) | Fix Released | Medium | |
ipsec-tools (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
Binary package hint: ipsec-tools
After upgrading from 8.04 to 8.10 (racoon 1:0.6.7-1ubuntu1 to 1:0.7-2.1ubuntu1), ipsec connections fail with these lines in the log:
Feb 21 16:04:15 portableHP racoon: INFO: ISAKMP-SA established 192.168.
Feb 21 16:04:15 portableHP racoon-
Feb 21 16:04:15 portableHP racoon-
Feb 21 16:04:15 portableHP racoon-
Feb 21 16:04:15 portableHP racoon-
Feb 21 16:04:15 portableHP racoon-
Feb 21 16:04:15 portableHP racoon-
Feb 21 16:04:15 portableHP racoon-
Feb 21 16:04:15 portableHP racoon-
Feb 21 16:04:15 portableHP racoon-
Feb 21 16:04:15 portableHP racoon-
Feb 21 16:04:16 portableHP racoon: NOTIFY: NAT-T is enabled, autoconfiguring ports
Feb 21 16:04:16 portableHP racoon: ERROR: failed to bind to address 127.0.0.1[500] (Address already in use).
Feb 21 16:04:16 portableHP racoon: ERROR: failed to bind to address 127.0.0.1[4500] (Address already in use).
Feb 21 16:04:16 portableHP racoon: ERROR: failed to bind to address 192.168.10.10[500] (Address already in use).
Feb 21 16:04:16 portableHP racoon: ERROR: failed to bind to address 192.168.10.10[4500] (Address already in use).
i.e. just after the phase 1 completes [the racoon-parkeon stuff is generated by my scripts].
The problem has already been fixed upstream (in their CVS) but not yet released, even in 0.7.1.
Applying the patch ipsec-tools-
For convenience I'm attaching the patch here too.
If there will be no new upstream release soon, could this patch be applied by Ubuntu (or Debian) as Red Hat have done?
Cheers,
Martin
Changed in ipsec-tools:
status: Unknown → Fix Released
Changed in ipsec-tools (Debian):
status: Unknown → Fix Released
Changed in ipsec-tools (Fedora):
importance: Unknown → Medium
Description of problem:
Several bugs in latest ipsec-tools-0.7 prevent successful use as
a remote-access (road-warrior) client to a Cisco ASA 5500 vpn concentrator.
Attached are three patches which were also submitted to the upstream mailing
list which fix this problem.
Also attached are some packaging improvements: a phase1 mode config script,
an init script for the racoon daemon, and patches for the spec file to
incorporate the above mentioned patches and scripts.
Version-Release number of selected component (if applicable):
0.7
How reproducible:
Attempt to connect to a Cisco ASA in remote-access client mode with racoon.
Steps to Reproduce:
1. Configure racoon to connect to a Cisco ASA as suggested in the enclosed
racoon.conf example.
2. Start racoon daemon
3. run 'racoonctl vc <IP-of-Cisco-ASA>'
Actual results:
vpn session fails to be established
Expected results:
successfully establish a vpn session
Additional info:
uploading tarball with the following content:
ipsec-tools.spec.diff changes to spec file
0.7-cvs-dupmode.patch patch to handle dupe mode config packets
0.7-cvs-dupsplit.patch patch to handle dupe split networks
0.7-cvs-iface.patch patch to set SO_REUSEADDR on sockets
racoon.conf.diff changes to included config.file
ipsec-tools-
ipsec-tools-
ipsec-tools-
p1_up_down phase1 mode config script
racoon.init init script for racoon daemon
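The Ubuntu log above shows bind() failing with "Address already in use", and one of the patches listed sets SO_REUSEADDR on racoon's sockets. As an added illustration (not code from ipsec-tools or from the patch), this C program binds a second UDP socket to an address and port still held by an open socket, with and without the option. The names `open_udp` and `rebind_errno` are hypothetical, and Linux UDP socket semantics are assumed.

```c
/* Added example (not racoon source); assumes Linux UDP socket semantics. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* UDP socket bound to ip:port; SO_REUSEADDR is set before bind() if reuse != 0.
 * Returns the fd, or -1 with errno describing the failing step. */
static int open_udp(const char *ip, in_port_t port_be, int reuse)
{
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = port_be };
    int fd = socket(AF_INET, SOCK_DGRAM, 0), saved;
    if (fd < 0) return -1;
    errno = EINVAL; /* inet_pton() returns 0 without setting errno on bad text */
    if (inet_pton(AF_INET, ip, &sa.sin_addr) == 1 &&
        (!reuse || setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &reuse, sizeof(reuse)) == 0) &&
        bind(fd, (struct sockaddr *)&sa, sizeof(sa)) == 0)
        return fd;
    saved = errno;
    close(fd);
    errno = saved;
    return -1;
}

/* Bind to a kernel-chosen port, then bind a second socket to the same ip:port
 * while the first is open. Returns 0, the second bind's errno, or -1 on setup failure. */
int rebind_errno(const char *ip, int reuse)
{
    struct sockaddr_in got;
    socklen_t len = sizeof(got);
    int first = open_udp(ip, 0, reuse), second, err = 0;
    if (first < 0) return -1;
    if (getsockname(first, (struct sockaddr *)&got, &len) < 0) { close(first); return -1; }
    second = open_udp(ip, got.sin_port, reuse);
    if (second < 0) err = errno; else close(second);
    close(first);
    return err;
}

int main(void)
{
    int plain = rebind_errno("127.0.0.1", 0), reuse = rebind_errno("127.0.0.1", 1);
    printf("without SO_REUSEADDR: %s\n", plain ? strerror(plain) : "bound");
    printf("with SO_REUSEADDR:    %s\n", reuse ? strerror(reuse) : "bound");
    return 0;
}
```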