Date: Fri, 4 Jan 2008 13:26:49 -0500
From: "Lyle Scott III" <portcitycs@gmail.com>
To: freebsd-questions@freebsd.org
Subject: racoon saying local address is already in use
Message-ID: <5a1835cd0801041026j4adae046vc03a8c92627a709f@mail.gmail.com>

I am trying to set up FreeBSD 6.2 + ipsec-tools + pf to talk to a SonicWall via VPN.

172.16.5.0/24 [lan]---------[freebsd] 66.66.66.66 ----[internet]----- 99.99.99.99 [sonicwall]------ 192.168.50.0/24

I am getting an error in /var/log/racoon.log that 172.16.5.1 is 'already in use'. I have verified that there are no racoon processes and start it up to the same result.

Is there something I am missing?


cat /var/log/racoon.log

2008-01-04 14:16:59: INFO: @(#)ipsec-tools 0.7 (http://ipsec-tools.sourceforge.net)
2008-01-04 14:16:59: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25 Oct 2004 (http://www.openssl.org/)
2008-01-04 14:16:59: INFO: Reading configuration from "/usr/local/etc/racoon/racoon.conf"
2008-01-04 14:16:59: ERROR: failed to bind to address 172.16.5.1[500] (Address already in use).


cat /usr/local/etc/racoon/racoon.conf

# $KAME: racoon.conf.sample,v 1.28 2002/10/18 14:33:28 itojun Exp $

path include "/usr/local/etc/racoon" ;
path pre_shared_key "/usr/local/etc/racoon/psk.txt";
#path certificate "/usr/local/openssl/certs" ;

# Padding values. DONT CHANGE
padding
{
    maximum_length 20;      # maximum padding length.
    randomize off;          # enable randomize length.
    strict_check off;       # enable strict check.
    exclusive_tail off;     # extract last one octet.
}

timer
{
    counter 5;
    interval 20 sec;
    persend 1;
    phase1 30 sec;
    phase2 15 sec;
}

#log debug;
log notify;

#listen
#{
#    isakmp 172.16.5.1;
#}

remote anonymous
{
    exchange_mode aggressive;
    my_identifier address "65.184.55.226";
    peers_identifier address "24.168.243.54";
    lifetime time 28800 sec;

    # phase 1 proposal (for ISAKMP SA)
    proposal {
        encryption_algorithm 3des;
        hash_algorithm md5;
        authentication_method pre_shared_key;
        dh_group 2;
    }
    proposal_check obey;
}

# phase 2 proposal (for IPsec SA).
sainfo anonymous
{
    pfs_group 2;
    lifetime time 28800 sec;
    encryption_algorithm 3des;
    authentication_algorithm hmac_md5;
    compression_algorithm deflate ;
}


cat /etc/ipsec.conf

flush;
spdflush;
spdadd 172.16.5.0/24 192.168.50.0/24 any -P out ipsec esp/tunnel/65.184.x.x-24.168.x.x/require;
spdadd 192.168.50.0/24 172.16.5.0/24 any -P in ipsec esp/tunnel/24.168.x.x-65.184.x.x/require;


cat /etc/rc.conf

gif_interfaces="gif0"
gifconfig_gif0="65.184.x.x 24.168.x.x"
ifconfig_gif0="inet 172.16.5.1 192.168.50.1 netmask 0xffffffff"
static_routes="vpn"
route_vpn="192.168.50.0 192.168.50.1 netmask 255.255.255.0"
racoon_enable="YES"
racoon_flags="-l /var/log/racoon.log"
ipsec_enable="YES"
ipsec_file="/etc/ipsec.conf"

-- 
Lyle Scott, III
http://www.lylescott.ws