
(racoon 752) Forward: Problems with racoon under Suse 9.1



--- Begin Message ---
Hello to the KAME-Team,
 
I have a great problem with your software ipsec-tools under Suse 9.1 and I will try to explain my situation, but my English is not the best.
I hope you can understand me!
 
I have two gateways with two NICs in each PC (Suse 9.1 with OnlineUpdate + IPSec-Tools). Setkey is started before racoon is started.
A ping can be sent to the external NICs.
Setkey starts without problems in debug mode. Then I start racoon and I get an error message.
2004-09-08 13:36:33: DEBUG: compression algorithm can not be checked because sadb message doesn't support it.
 
2004-09-08 13:36:33: ERROR: failed to bind to address fe80::210:a7ff:fe19:44d4%253[500] (No such device).
2004-09-08 13:36:33: ERROR: failed to bind to address fe80::2c0:26ff:fef0:77f6%253[500] (No such device).
 
The firewall is deactivated.
I am not using IPv6, but racoon has problems binding to this address. I don't understand why racoon is using this address, because I use only IPv4 addresses.
 
Do you have an idea?
 
 
Regards,
Andreas
 
 
racoon -4 -F -d -v -d
Foreground mode.
2004-09-08 13:36:32: INFO: @(#)ipsec-tools 0.3.3 (http://ipsec-tools.sourceforge.net)
2004-09-08 13:36:32: INFO: @(#)This product linked OpenSSL 0.9.7d 17 Mar 2004 (http://www.openssl.org/)
2004-09-08 13:36:32: DEBUG: call pfkey_send_register for AH
2004-09-08 13:36:32: DEBUG: call pfkey_send_register for ESP
2004-09-08 13:36:33: DEBUG: call pfkey_send_register for IPCOMP
2004-09-08 13:36:33: DEBUG: reading config file /etc/racoon/racoon.conf
2004-09-08 13:36:33: DEBUG2: <3>
2004-09-08 13:36:33: DEBUG2: begin <5>path
2004-09-08 13:36:33: DEBUG2: <5>
2004-09-08 13:36:33: DEBUG2: <5>
2004-09-08 13:36:33: DEBUG2: begin <3>;
2004-09-08 13:36:33: DEBUG2: begin <25>remote
2004-09-08 13:36:33: DEBUG2: <25>
2004-09-08 13:36:33: DEBUG2: <27>
2004-09-08 13:36:33: DEBUG2: <27>
2004-09-08 13:36:33: DEBUG2: begin <29>proposal
2004-09-08 13:36:33: DEBUG2: <29>
2004-09-08 13:36:33: DEBUG2: <29>
2004-09-08 13:36:33: DEBUG2: <29>
2004-09-08 13:36:33: DEBUG2: <29>
2004-09-08 13:36:33: DEBUG2: <29>
2004-09-08 13:36:33: DEBUG2: <29>
2004-09-08 13:36:33: DEBUG2: <29>
2004-09-08 13:36:33: DEBUG2: <29>
2004-09-08 13:36:33: DEBUG2: lifetime = 28800
2004-09-08 13:36:33: DEBUG2: lifebyte = 0
2004-09-08 13:36:33: DEBUG2: encklen=0
2004-09-08 13:36:33: DEBUG2: p:1 t:1
2004-09-08 13:36:33: DEBUG2: 3DES-CBC(5)
2004-09-08 13:36:33: DEBUG2: MD5(1)
2004-09-08 13:36:33: DEBUG2: 1024-bit MODP group(2)
2004-09-08 13:36:33: DEBUG2: pre-shared key(1)
2004-09-08 13:36:33: DEBUG2:
2004-09-08 13:36:33: DEBUG2: begin <21>sainfo
2004-09-08 13:36:33: DEBUG2: <21>
2004-09-08 13:36:33: DEBUG2: <21>
2004-09-08 13:36:33: DEBUG2: <21>
2004-09-08 13:36:33: DEBUG2: <21>
2004-09-08 13:36:33: DEBUG2: <21>
2004-09-08 13:36:33: DEBUG2: <21>
2004-09-08 13:36:33: DEBUG2: <21>
2004-09-08 13:36:33: DEBUG2: <21>
2004-09-08 13:36:33: DEBUG2: <23>
2004-09-08 13:36:33: DEBUG2: <23>
2004-09-08 13:36:33: DEBUG2: <23>
2004-09-08 13:36:33: DEBUG2: <23>
2004-09-08 13:36:33: DEBUG2: <23>
2004-09-08 13:36:33: DEBUG2: <23>
2004-09-08 13:36:33: DEBUG2: <23>
2004-09-08 13:36:33: DEBUG2: <23>
2004-09-08 13:36:33: DEBUG: compression algorithm can not be checked because sadb message doesn't support it.
2004-09-08 13:36:33: DEBUG2: parse successed.
2004-09-08 13:36:33: DEBUG: my interface: 127.0.0.1 (lo)
2004-09-08 13:36:33: DEBUG: my interface: 10.0.1.1 (eth0)
2004-09-08 13:36:33: DEBUG: my interface: 3.0.0.1 (eth1)
2004-09-08 13:36:33: DEBUG: my interface: ::1 (lo)
2004-09-08 13:36:33: DEBUG: my interface: fe80::2c0:26ff:fef0:77f6%253 (eth0)
2004-09-08 13:36:33: DEBUG: my interface: fe80::210:a7ff:fe19:44d4%253 (eth1)
2004-09-08 13:36:33: DEBUG: configuring default isakmp port.
2004-09-08 13:36:33: DEBUG: 6 addrs are configured successfully
2004-09-08 13:36:33: ERROR: failed to bind to address fe80::210:a7ff:fe19:44d4%253[500] (No such device).
2004-09-08 13:36:33: ERROR: failed to bind to address fe80::2c0:26ff:fef0:77f6%253[500] (No such device).
2004-09-08 13:36:33: ERROR: failed to bind to address ::1[500] (Address already in use).
2004-09-08 13:36:33: ERROR: failed to bind to address 3.0.0.1[500] (Address already in use).
2004-09-08 13:36:33: ERROR: failed to bind to address 10.0.1.1[500] (Address already in use).
2004-09-08 13:36:33: ERROR: failed to bind to address 127.0.0.1[500] (Address already in use).
2004-09-08 13:36:33: ERROR: no address could be bound.
 

racoon.conf:
 
# racoon.conf for PSKs (New York)
 
path pre_shared_key "/etc/racoon/psk.txt";
 
remote 5.0.0.1
{
        exchange_mode main;
        proposal
        {
                encryption_algorithm 3des;
                hash_algorithm md5;
                authentication_method pre_shared_key;
                dh_group modp1024;
        }
}
 
sainfo address 10.0.1.0/24 any address 10.0.2.0/24 any
{
        pfs_group modp768;
        encryption_algorithm 3des;
        authentication_algorithm hmac_md5;
        compression_algorithm deflate;
}
 
setkey.conf:
 
# Config file for the PC with IP 3.0.0.1 (New York)
# This is the file /etc/setkey.conf
# Flush the SAD and SPD
flush;
spdflush;
 
# Policies for the use of the SAs (tunnel NewYorkNet - BerlinNet)
spdadd 10.0.1.0/24 10.0.2.0/24 any -P out ipsec esp/tunnel/3.0.0.1-5.0.0.1/require;
spdadd 10.0.2.0/24 10.0.1.0/24 any -P in ipsec esp/tunnel/5.0.0.1-3.0.0.1/require;
 
psk.txt:
 
# IPv4 addresses
# Identity Key
3.0.0.1 Gateway New York
5.0.0.1 Gateway Berlin

--- End Message ---
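
The log in the message above contains two different bind errors. As an added example (not part of the original message and not ipsec-tools code), this script groups racoon bind failures by the error string and address family, and flags a scope ID reported for more than one interface; the sample input is a subset of the log lines quoted above, and the function names are chosen here for illustration.

```python
import re
from collections import defaultdict

# Sample input: a subset of the log lines from the message above.
SAMPLE_LOG = """\
2004-09-08 13:36:33: DEBUG: my interface: 10.0.1.1 (eth0)
2004-09-08 13:36:33: DEBUG: my interface: 3.0.0.1 (eth1)
2004-09-08 13:36:33: DEBUG: my interface: fe80::2c0:26ff:fef0:77f6%253 (eth0)
2004-09-08 13:36:33: DEBUG: my interface: fe80::210:a7ff:fe19:44d4%253 (eth1)
2004-09-08 13:36:33: ERROR: failed to bind to address fe80::210:a7ff:fe19:44d4%253[500] (No such device).
2004-09-08 13:36:33: ERROR: failed to bind to address 3.0.0.1[500] (Address already in use).
2004-09-08 13:36:33: ERROR: failed to bind to address 10.0.1.1[500] (Address already in use).
2004-09-08 13:36:33: ERROR: no address could be bound.
"""

IFACE_RE = re.compile(r"my interface: (\S+) \((\S+)\)")
BIND_RE = re.compile(r"failed to bind to address (\S+)\[(\d+)\] \((.+)\)\.")

def triage(log_text):
    """Return (bind failures grouped by reason, scope IDs seen on several interfaces)."""
    failures = defaultdict(list)  # reason -> [(family, address, port)]
    scopes = defaultdict(set)     # scope id -> {interface names}
    for line in log_text.splitlines():
        m = IFACE_RE.search(line)
        if m and "%" in m.group(1):
            # The part after '%' in a link-local address is the scope (interface) ID.
            scopes[m.group(1).split("%", 1)[1]].add(m.group(2))
        m = BIND_RE.search(line)
        if m:
            addr, port, reason = m.group(1), int(m.group(2)), m.group(3)
            family = "inet6" if ":" in addr else "inet"
            failures[reason].append((family, addr, port))
    shared = {s: sorted(names) for s, names in scopes.items() if len(names) > 1}
    return dict(failures), shared

def summarize(log_text):
    """One line per failure reason, plus one line per shared scope ID."""
    failures, shared = triage(log_text)
    notes = []
    for reason, items in failures.items():
        families = sorted({family for family, _, _ in items})
        notes.append(f"{len(items)} bind failure(s), families {families}: {reason}")
    for scope, names in shared.items():
        notes.append(f"scope id %{scope} reported for {names}")
    return notes

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_LOG)))
```

"Address already in use" (EADDRINUSE) means another socket already holds UDP port 500 on that address, while "No such device" (ENODEV) on a link-local address refers to the interface named by its scope ID, so the two groups call for separate checks.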