From: "Lyle Scott III"
To: freebsd-questions@freebsd.org
Date: Fri, 4 Jan 2008 13:26:49 -0500
Subject: racoon saying local address is already in use
I am trying to set up FreeBSD 6.2 + ipsec-tools + pf to talk to a SonicWall via VPN.

172.16.5.0/24 [lan]---------[freebsd] 66.66.66.66 ----[internet]----- 99.99.99.99 [sonicwall]------ 192.168.50.0/24

I am getting an error in /var/log/racoon.log that 172.16.5.1 is 'already in use'. I have verified that there are no racoon processes, and starting it up gives the same result. Is there something I am missing?

cat /var/log/racoon.log

2008-01-04 14:16:59: INFO: @(#)ipsec-tools 0.7 (http://ipsec-tools.sourceforge.net)
2008-01-04 14:16:59: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25 Oct 2004 (http://www.openssl.org/)
2008-01-04 14:16:59: INFO: Reading configuration from "/usr/local/etc/racoon/racoon.conf"
2008-01-04 14:16:59: ERROR: failed to bind to address 172.16.5.1[500] (Address already in use).

cat /usr/local/etc/racoon/racoon.conf

# $KAME: racoon.conf.sample,v 1.28 2002/10/18 14:33:28 itojun Exp $

path include "/usr/local/etc/racoon" ;
path pre_shared_key "/usr/local/etc/racoon/psk.txt";
#path certificate "/usr/local/openssl/certs" ;

# Padding values. DONT CHANGE
padding
{
        maximum_length 20;      # maximum padding length.
        randomize off;          # enable randomize length.
        strict_check off;       # enable strict check.
        exclusive_tail off;     # extract last one octet.
}

timer
{
        counter 5;
        interval 20 sec;
        persend 1;
        phase1 30 sec;
        phase2 15 sec;
}

#log debug;
log notify;

#listen
#{
#       isakmp 172.16.5.1;
#}

remote anonymous
{
        exchange_mode aggressive;
        my_identifier address "65.184.55.226";
        peers_identifier address "24.168.243.54";
        lifetime time 28800 sec;

        # phase 1 proposal (for ISAKMP SA)
        proposal {
                encryption_algorithm 3des;
                hash_algorithm md5;
                authentication_method pre_shared_key;
                dh_group 2;
        }
        proposal_check obey;
}

# phase 2 proposal (for IPsec SA).
sainfo anonymous
{
        pfs_group 2;
        lifetime time 28800 sec;
        encryption_algorithm 3des;
        authentication_algorithm hmac_md5;
        compression_algorithm deflate ;
}

cat /etc/ipsec.conf

flush;
spdflush;
spdadd 172.16.5.0/24 192.168.50.0/24 any -P out ipsec esp/tunnel/65.184.x.x-24.168.x.x/require;
spdadd 192.168.50.0/24 172.16.5.0/24 any -P in ipsec esp/tunnel/24.168.x.x-65.184.x.x/require;

cat /etc/rc.conf

gif_interfaces="gif0"
gifconfig_gif0="65.184.x.x 24.168.x.x"
ifconfig_gif0="inet 172.16.5.1 192.168.50.1 netmask 0xffffffff"
static_routes="vpn"
route_vpn="192.168.50.0 192.168.50.1 netmask 255.255.255.0"
racoon_enable="YES"
racoon_flags="-l /var/log/racoon.log"
ipsec_enable="YES"
ipsec_file="/etc/ipsec.conf"

--
Lyle Scott, III
http://www.lylescott.ws
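The two things a practitioner would check first on a box that reports "failed to bind to address A[500] (Address already in use)" are (1) whether some other socket already holds UDP 500, and (2) whether address A is configured on more than one interface, because racoon with no listen{} block tries to bind UDP 500 on every configured address it finds and a duplicated address makes the second bind fail. The rc.conf above puts 172.16.5.1 on gif0 as the tunnel's inner address, and the diagram shows 172.16.5.0/24 as the LAN behind the same host, so (2) is worth looking at. The script below is an added example, not code from the original post or from ipsec-tools: it parses `ifconfig -a` and `sockstat -4l` output with awk and reports which case applies. The interface names (em0, em1) and the sockstat lines are constructed to match the poster's configuration and are assumptions.

```shell
#!/bin/sh
# Added diagnostic for racoon's "failed to bind ... (Address already in use)".
# Not part of the original post. Samples below are constructed; interface
# names and PIDs are assumptions chosen to match the poster's rc.conf.

# Constructed `ifconfig -a` output: 172.16.5.1 is the LAN gateway address on
# em1 and is reused as gif0's inner tunnel address (ifconfig_gif0 in rc.conf).
SAMPLE_IFCONFIG='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 66.66.66.66 netmask 0xffffff00 broadcast 66.66.66.255
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 172.16.5.1 netmask 0xffffff00 broadcast 172.16.5.255
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
        tunnel inet 66.66.66.66 --> 99.99.99.99
        inet 172.16.5.1 --> 192.168.50.1 netmask 0xffffffff
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000'

# Constructed `sockstat -4l` output with no racoon running, matching the
# poster's statement that there are no racoon processes.
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       612   4  tcp4   *:22                  *:*
root     syslogd    489   6  udp4   *:514                 *:*'

# Print "addr iface1 iface2 ..." for every IPv4 address that appears under
# more than one interface in ifconfig output ($1). "tunnel inet" lines are
# skipped because their first field is "tunnel", not "inet".
dup_inet_addrs() {
    printf '%s\n' "$1" | awk '
        /^[a-z0-9]+:/  { iface = $1; sub(":$", "", iface) }
        $1 == "inet"   { seen[$2] = seen[$2] " " iface; n[$2]++ }
        END { for (a in n) if (n[a] > 1) print a seen[a] }
    ' | sort
}

# Print "COMMAND PID LOCAL" for each UDP socket in sockstat output ($1)
# bound to port $2 on any local address.
udp_port_holders() {
    printf '%s\n' "$1" | awk -v port="$2" '
        NR > 1 && $5 == "udp4" {
            n = split($6, f, ":"); if (f[n] == port) print $2, $3, $6
        }
    '
}

# Decide which case explains EADDRINUSE for address $3 port $4.
# Returns 1 if another socket holds the port, 2 if the address is
# configured on several interfaces, 0 if neither check fires.
diagnose_bind_failure() {
    holders=$(udp_port_holders "$2" "$4")
    if [ -n "$holders" ]; then
        printf 'port %s already bound by: %s\n' "$4" "$holders"
        return 1
    fi
    dups=$(dup_inet_addrs "$1" | awk -v a="$3" '$1 == a')
    if [ -n "$dups" ]; then
        printf 'address %s configured on several interfaces: %s\n' "$3" "$dups"
        return 2
    fi
    printf 'no duplicate binding found for %s[%s]\n' "$3" "$4"
    return 0
}

# Usage: on a live host replace the samples with "$(ifconfig -a)" and
# "$(sockstat -4l)". The "||" keeps a non-zero diagnosis from aborting
# a shell running with set -e.
diagnose_bind_failure "$SAMPLE_IFCONFIG" "$SAMPLE_SOCKSTAT" 172.16.5.1 500 \
    || echo "diagnosis code $?"
```

If the second case fires, the usual fixes are to give gif0 an inner address that is not already on the LAN interface, or to uncomment the listen{} block in racoon.conf so racoon binds only the address(es) you name instead of every address on the host.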