(racoon 538) sendmsg (Operation not permitted) while ipsec sa negotiation
- To: Racoon users mailing list <racoon@kame.net>
- Subject: (racoon 538) sendmsg (Operation not permitted) while ipsec sa negotiation
- From: Cedric Delfosse <cedric.delfosse@linbox.com>
- Date: Wed, 16 Jun 2004 11:28:47 +0200
- Delivered-to: racoon-archive@kame.net
- Delivered-to: racoon-outgo@kame.net
- Delivered-to: racoon@kame.net
- Reply-to: racoon@kame.net
- Sender: owner-racoon@kame.net
Hello,
I'm using racoon 0.3.1, with linux kernel 2.6.5.
I have these messages in my log:
Jun 16 10:35:37 vpn racoon: INFO: IPsec-SA request for 80.124.w.z queued
due to no phase1 found.
Jun 16 10:35:37 vpn racoon: DEBUG: ===
Jun 16 10:35:37 vpn racoon: INFO: initiate new phase 1 negotiation:
80.124.166.194[500]<=>80.124.156.226[500]
Jun 16 10:35:37 vpn racoon: INFO: begin Identity Protection mode.
Jun 16 10:35:37 vpn racoon: DEBUG: new cookie: 787b6296b68630fe
Jun 16 10:35:37 vpn racoon: DEBUG: add payload of len 48, next type 0
Jun 16 10:35:37 vpn racoon: DEBUG: 80 bytes from 80.124.x.y[500] to
80.124.w.z[500]
Jun 16 10:35:37 vpn racoon: DEBUG: sockname 80.124.x.y[500]
Jun 16 10:35:37 vpn racoon: DEBUG: send packet from 80.124.x.y[500]
Jun 16 10:35:37 vpn racoon: DEBUG: send packet to 80.124.w.z[500]
Jun 16 10:35:37 vpn racoon: DEBUG: src4 80.124.x.y[500]
Jun 16 10:35:37 vpn racoon: DEBUG: dst4 80.124.w.z[500]
Jun 16 10:35:37 vpn racoon: ERROR: sendmsg (Operation not permitted)
Jun 16 10:35:37 vpn racoon: ERROR: sendfromto failed
Jun 16 10:35:37 vpn racoon: ERROR: failed to begin ipsec sa
negotication.
Well, I don't think it's racoon's fault :), the guilty party must be the Linux
kernel.
Here is my setup:
        roadwarriors
             |
             |
             |
           IPSEC
             |
             |
             |
     /- eth2 <-------------IPSEC tunnel----------> eth2 -\
    /                                                     \
GW1 --- eth1 <--> Internet                Internet -> eth1 --- GW2
    \
     \--eth0 <--> intranet
GW1 and GW2 are PCs running Linux 2.6.5 and racoon 0.3.1.
As you can see, the eth2 network interfaces on GW1 and GW2 are
dedicated to IPSec traffic.
On GW1 the default Internet gateway is eth1. So on GW1, I added a route
to the eth2 IP so that the IPSec traffic is routed through eth2.
This setup has been working really fine with racoon for a month.
Now, for each roadwarrior connecting to GW1, we want the IPSec traffic to
go through eth2. Roadwarriors connect to the eth2 interface IP. As
the default route on GW1 is eth1, a route is added "manually" (via a simple
web interface) for each roadwarrior IP so that the traffic is re-routed
through eth2.
And it looks like just adding these routes is what causes the bug,
because otherwise the IPsec tunnel between GW1 and GW2 works really fine.
Have you already seen something similar?
Regards,
--
Cédric Delfosse Linbox / Free&ALter Soft
152, rue de Grigy - Technopole Metz 57070 Metz - FRANCE
tél: +33 (0)3 87 50 87 90 http://linbox.com