Racoon 0.7 fails with address already in use

Bug #332606 reported by Martin Fuzzey on 2009-02-21
Affects                Status         Importance   Assigned to   Milestone
ipsec-tools (Debian)   Fix Released   Unknown
ipsec-tools (Fedora)   Fix Released   Unknown
ipsec-tools (Ubuntu)                  Undecided    Unassigned

Bug Description

Binary package hint: ipsec-tools

After upgrading from 8.04 to 8.10 (racoon 1:0.6.7-1ubuntu1 to 1:0.7-2.1ubuntu1), IPsec connections fail with these lines in the log:

Feb 21 16:04:15 portableHP racoon: INFO: ISAKMP-SA established 192.168.10.10[4500]-81.80.172.213[4500] spi:0574a13bd4c8aefe:e2d8e1c7f55e62cb
Feb 21 16:04:15 portableHP racoon-parkeon-phase1-up.sh: Starting
Feb 21 16:04:15 portableHP racoon-parkeon-phase1-up.sh: LOCAL_ADDR = 192.168.10.10
Feb 21 16:04:15 portableHP racoon-parkeon-phase1-up.sh: LOCAL_PORT = 4500
Feb 21 16:04:15 portableHP racoon-parkeon-phase1-up.sh: REMOTE_ADDR = 81.80.172.213
Feb 21 16:04:15 portableHP racoon-parkeon-phase1-up.sh: REMOTE_PORT = 4500
Feb 21 16:04:15 portableHP racoon-parkeon-phase1-up.sh: DEFAULT_GW = 192.168.10.2
Feb 21 16:04:15 portableHP racoon-parkeon-phase1-up.sh: INTERNAL_ADDR4 = 192.168.190.12
Feb 21 16:04:15 portableHP racoon-parkeon-phase1-up.sh: INTERNAL_DNS4 = 192.168.76.215
Feb 21 16:04:15 portableHP racoon-parkeon-phase1-up.sh: Setting up resolv.conf
Feb 21 16:04:15 portableHP racoon-parkeon-phase1-up.sh: Setting up routes
Feb 21 16:04:16 portableHP racoon: NOTIFY: NAT-T is enabled, autoconfiguring ports
Feb 21 16:04:16 portableHP racoon: ERROR: failed to bind to address 127.0.0.1[500] (Address already in use).
Feb 21 16:04:16 portableHP racoon: ERROR: failed to bind to address 127.0.0.1[4500] (Address already in use).
Feb 21 16:04:16 portableHP racoon: ERROR: failed to bind to address 192.168.10.10[500] (Address already in use).
Feb 21 16:04:16 portableHP racoon: ERROR: failed to bind to address 192.168.10.10[4500] (Address already in use).

i.e. just after phase 1 completes [the racoon-parkeon stuff is generated by my scripts].

The problem has already been fixed upstream (in their CVS) but not yet released, even in 0.7.1.

Applying the patch ipsec-tools-0.7-cvs-iface.patch contained in the tgz downloadable from https://bugzilla.redhat.com/show_bug.cgi?id=273261 fixes the problem.

For convenience I'm attaching the patch here too.

If there will be no new upstream release soon, could this patch be applied by Ubuntu (or Debian) as Red Hat have done?

Cheers,

Martin
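
An added example, not part of the original report or of ipsec-tools: a Python triage function that scans syslog text in the format quoted above and reports each phase 1 completion that is followed within a few seconds by "Address already in use" bind errors. The function name, the 5-second window, the year parameter and the sample lines (constructed, using documentation addresses) are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the syslog format shown in the report.
SAMPLE = """\
Feb 21 16:04:15 host racoon: INFO: ISAKMP-SA established 192.0.2.10[4500]-198.51.100.7[4500] spi:0011223344556677:8899aabbccddeeff
Feb 21 16:04:15 host racoon-phase1-up.sh: Setting up routes
Feb 21 16:04:16 host racoon: NOTIFY: NAT-T is enabled, autoconfiguring ports
Feb 21 16:04:16 host racoon: ERROR: failed to bind to address 127.0.0.1[500] (Address already in use).
Feb 21 16:04:16 host racoon: ERROR: failed to bind to address 192.0.2.10[4500] (Address already in use).
Feb 21 18:30:00 host racoon: ERROR: failed to bind to address 192.0.2.10[500] (Address already in use).
"""

# Only lines logged by the racoon daemon itself; hook-script lines do not match.
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ racoon(?:\[\d+\])?: (\w+): (.*)$")
BIND = re.compile(r"failed to bind to address (\S+)\[(\d+)\] \(Address already in use\)")

def find_rebind_failures(text, window_seconds=5, year=2009):
    """Return one finding per 'ISAKMP-SA established' line that is followed,
    within window_seconds, by 'Address already in use' bind errors."""
    findings, current = [], None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        level, msg = m.group(2), m.group(3)
        if level == "INFO" and msg.startswith("ISAKMP-SA established"):
            parts = msg.split()
            current = {"established": ts,
                       "sa": parts[2] if len(parts) > 2 else "",
                       "failed_binds": []}
            findings.append(current)
            continue
        b = BIND.search(msg) if level == "ERROR" else None
        if b and current and ts - current["established"] <= timedelta(seconds=window_seconds):
            current["failed_binds"].append((b.group(1), int(b.group(2))))
    # Keep only SAs that were actually followed by bind failures.
    return [f for f in findings if f["failed_binds"]]

if __name__ == "__main__":
    for f in find_rebind_failures(SAMPLE):
        print(f["established"], f["sa"], f["failed_binds"])
```

Bind errors outside the window, such as the 18:30:00 line in the sample, are not attributed to the earlier SA and would need separate investigation.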

Martin Fuzzey (mfuzzey) wrote :
Johnathon (kirrus) wrote :

Hi Martin.

Can you create a test-case for us, a step-by-step process that we can use to replicate the problem?

Changed in ipsec-tools:
status: New → Incomplete
Martin Fuzzey (mfuzzey) wrote :

Hi Johnathon

That's a bit difficult to do without giving you an account on my company's VPN (which I can't do).

Configuration is aggressive mode with X.509 certificates.

Connection establishment is requested using racoonctl.

Martin

Changed in ipsec-tools:
status: Unknown → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ipsec-tools - 1:0.7.1-1.5ubuntu4

---------------
ipsec-tools (1:0.7.1-1.5ubuntu4) karmic; urgency=low

  * src/racoon/isakmp.c: Fix address already in use. (LP: #332606)

 -- Chuck Short <email address hidden> Tue, 15 Sep 2009 08:39:41 -0400

Changed in ipsec-tools (Ubuntu):
status: Incomplete → Fix Released
Changed in ipsec-tools (Debian):
status: Unknown → Fix Released