
(racoon 812) Newbie help....



G'Day,

- Apologies for the long post, but I wanted to provide all the info that I
thought would be needed
- I am running racoon and friends under Fedora Core 2 and need to set up the
following:

Network-A            Gateway-A                                     Gateway-B        Network-B
192.168.40.0/24 ---- 192.168.40.1 [NAT] DynamicIP  {Internet} ------ 203.xx.xx.xx ---- 192.168.42.0/24

- Essentially Gateway-A is a router that is doing NAT with a dynamically
assigned IP address on the Internet. I am attempting to run IPSEC on
192.168.40.3, which has a default gateway of 192.168.40.1 and a route table
as follows:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.40.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         192.168.40.1    0.0.0.0         UG    0      0        0 eth0

- Gateway-B has a static IP address of 203.xx.xx.xx on the Internet, behind
which is the 192.168.42.0/24 network that I want to access. Gateway-B is a
hardware device; I have been given the config files for my connection on it.
These are as follows:

conn DonovanHome
	type = tunnel
	left = %defaultroute
	x-interface = %defaultroute
	right = 0.0.0.0
	leftsubnet = 192.168.42.0/255.255.255.0
	rightsubnet = 192.168.40.0/255.255.255.0
	auto = add
	keyexchange = ike
	authby = secret
	auth = esp
	keyingtries = 0
	pfs = yes
	esp = 3DES-SHA1
	ike = 3DES-SHA-MODP1024
	aggrmode = yes
	ikelifetime = 300m
	keylife = 60m
	compress = yes
	rekey = no
	leftid = C-Dono
	rightid = Dono
	pfsgroup = MODP1024
	rekeyfuzz = 50%
	rekeymargin = 1m

- I have made the following configs on my Fedora box:

[ipsec.conf]
#!/usr/sbin/setkey -f
#
# Flush SAD and SPD
flush;
spdflush;

# Create policies for racoon
        spdadd 192.168.40.0/24 192.168.42.0/24 any -P out ipsec
                esp/tunnel/192.168.40.1-203.26.16.136/require ;
        spdadd 192.168.42.0/24 192.168.40.0/24 any -P in ipsec
                esp/tunnel/203.26.16.136-192.168.40.1/require ;

[racoon.conf]
path include "/etc/racoon";
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";

sainfo anonymous
{
       pfs_group 2;
       lifetime time 1 hour ;
       encryption_algorithm 3des, blowfish 448, rijndael ;
       authentication_algorithm hmac_sha1, hmac_md5 ;
       compression_algorithm deflate ;
}
include "/etc/racoon/203.xx.xx.xxx.conf";

xx.xx to protect the innocent ;-)

[203.xx.xx.xxx.conf]
remote 203.xx.xx.xx
{
        exchange_mode aggressive, main;
        my_identifier address;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group modp1024 ;
        }
}

- I invoke IPSEC as follows:

setkey -f /etc/ipsec.conf

- And then to test racoon

racoon -F -f /etc/racoon/racoon.conf -v

Syslog then displays the following:

Oct 19 20:16:28 moe racoon: 2004-10-19 20:16:28: INFO: main.c:174:main(): @(#)racoon - IPsec-tools 0.2.3
Oct 19 20:16:28 moe racoon: 2004-10-19 20:16:28: INFO: main.c:175:main(): @(#)This product linked OpenSSL 0.9.7a Feb 19 2003 (http://www.openssl.org/)
Oct 19 20:16:29 moe racoon: 2004-10-19 20:16:29: ERROR: isakmp.c:1378:isakmp_open(): failed to bind to address fe80::240:63ff:fed8:5729%253[500] (No such device).
Oct 19 20:16:29 moe racoon: 2004-10-19 20:16:29: ERROR: isakmp.c:1378:isakmp_open(): failed to bind to address ::1[500] (Address already in use).
Oct 19 20:16:29 moe racoon: 2004-10-19 20:16:29: ERROR: isakmp.c:1378:isakmp_open(): failed to bind to address 192.168.40.3[500] (Address already in use).
Oct 19 20:16:29 moe racoon: 2004-10-19 20:16:29: ERROR: isakmp.c:1378:isakmp_open(): failed to bind to address 127.0.0.1[500] (Address already in use).
Oct 19 20:16:29 moe racoon: 2004-10-19 20:16:29: ERROR: isakmp.c:1402:isakmp_open(): no address could be bound.

- So if you have read this far then you are doing well. So can you help me
get this working?

TIA

--Donovan
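A small triage script for the syslog output quoted in the post, added here as an example; it is not part of the original message or of IPsec-tools. It parses racoon's `isakmp_open()` "failed to bind" lines, groups the addresses by the errno text the kernel returned, and turns the two distinct failure kinds into plain-language hints. The sample log is the post's own lines re-joined where the mail client had wrapped them; the function names `parse_bind_failures` and `summarize` are my own.

```python
import re
from collections import defaultdict

# Sample input: the racoon syslog lines from the post, re-joined where
# they had been wrapped (constructed for this example from the post).
SAMPLE_LOG = """\
Oct 19 20:16:28 moe racoon: 2004-10-19 20:16:28: INFO: main.c:174:main(): @(#)racoon - IPsec-tools 0.2.3
Oct 19 20:16:29 moe racoon: 2004-10-19 20:16:29: ERROR: isakmp.c:1378:isakmp_open(): failed to bind to address fe80::240:63ff:fed8:5729%253[500] (No such device).
Oct 19 20:16:29 moe racoon: 2004-10-19 20:16:29: ERROR: isakmp.c:1378:isakmp_open(): failed to bind to address ::1[500] (Address already in use).
Oct 19 20:16:29 moe racoon: 2004-10-19 20:16:29: ERROR: isakmp.c:1378:isakmp_open(): failed to bind to address 192.168.40.3[500] (Address already in use).
Oct 19 20:16:29 moe racoon: 2004-10-19 20:16:29: ERROR: isakmp.c:1378:isakmp_open(): failed to bind to address 127.0.0.1[500] (Address already in use).
Oct 19 20:16:29 moe racoon: 2004-10-19 20:16:29: ERROR: isakmp.c:1402:isakmp_open(): no address could be bound.
"""

# racoon prints the address as "addr[port]" followed by strerror(errno) in parentheses.
BIND_FAIL = re.compile(
    r"isakmp_open\(\): failed to bind to address "
    r"(?P<addr>\S+?)\[(?P<port>\d+)\] \((?P<reason>[^)]+)\)"
)
# The final, fatal line: no listening socket at all, so racoon cannot do IKE.
NO_ADDR = re.compile(r"isakmp_open\(\): no address could be bound")


def parse_bind_failures(text):
    """Return one dict per 'failed to bind' line: address, port and errno text."""
    found = []
    for line in text.splitlines():
        m = BIND_FAIL.search(line)
        if m:
            found.append({"addr": m.group("addr"),
                          "port": int(m.group("port")),
                          "reason": m.group("reason")})
    return found


def summarize(text):
    """Group failures by errno text and derive hints from the errno kinds seen."""
    failures = parse_bind_failures(text)
    by_reason = defaultdict(list)
    for f in failures:
        by_reason[f["reason"]].append(f["addr"])

    fatal = any(NO_ADDR.search(line) for line in text.splitlines())
    hints = []
    if "Address already in use" in by_reason:
        ports = sorted({f["port"] for f in failures if f["reason"] == "Address already in use"})
        # EADDRINUSE on every address means some other socket already holds
        # the port, typically an IKE daemon started earlier (e.g. by an init script).
        hints.append("UDP port(s) %s already bound on %s: another process holds "
                     "the IKE port; check with 'netstat -ulnp' (or 'ss -ulnp')"
                     % (ports, by_reason["Address already in use"]))
    if "No such device" in by_reason:
        # ENODEV when binding a link-local IPv6 address means the scope id after
        # '%' did not resolve to an existing interface; harmless for an IPv4 tunnel.
        hints.append("link-local IPv6 bind skipped by the kernel (scope id does not "
                     "name an interface): %s" % by_reason["No such device"])
    return {"failures": failures, "by_reason": dict(by_reason),
            "fatal": fatal, "hints": hints}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for reason, addrs in report["by_reason"].items():
        print("%-24s %s" % (reason + ":", ", ".join(addrs)))
    print("fatal:", report["fatal"])
    for h in report["hints"]:
        print("hint:", h)
```

Run against the post's log this reports EADDRINUSE on `::1`, `192.168.40.3` and `127.0.0.1` and ENODEV on the link-local address; the first is what makes the start fatal, since a bind that fails with "Address already in use" on every unicast address means port 500 is held by an existing socket, not by a config error in racoon.conf or the SPD. Listing the UDP listeners before a manual `racoon -F` start is the quickest way to confirm which process owns it.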