racoon saying local address is already in use
Lyle Scott III
portcitycs at gmail.com
Fri Jan 4 10:26:55 PST 2008
I am trying to set up FreeBSD 6.2 + ipsec-tools + pf to talk to a SonicWall
over a VPN.
172.16.5.0/24 [lan]---------[freebsd] 66.66.66.66 ----[internet]-----
99.99.99.99 [sonicwall]------ 192.168.50.0/24
I am getting an error in /var/log/racoon.log that 172.16.5.1 is 'already in
use'. I have verified that there are no racoon processes running, yet starting
it again gives the same result. Is there something I am missing?
cat /var/log/racoon.log
2008-01-04 14:16:59: INFO: @(#)ipsec-tools 0.7 (
http://ipsec-tools.sourceforge.net)
2008-01-04 14:16:59: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25 Oct
2004 (http://www.openssl.org/)
2008-01-04 14:16:59: INFO: Reading configuration from
"/usr/local/etc/racoon/racoon.conf"
2008-01-04 14:16:59: ERROR: failed to bind to address 172.16.5.1[500]
(Address already in use).
cat /usr/local/etc/racoon/racoon.conf
# $KAME: racoon.conf.sample,v 1.28 2002/10/18 14:33:28 itojun Exp $
# racoon (ipsec-tools 0.7) IKE daemon configuration as posted; comments added
# for review only, values unchanged.
# Directory searched for files named by "include" statements.
path include "/usr/local/etc/racoon" ;
# Pre-shared keys are read from this file; keep it readable by root only.
path pre_shared_key "/usr/local/etc/racoon/psk.txt";
#path certificate "/usr/local/openssl/certs" ;
# Padding values. DONT CHANGE
padding
{
maximum_length 20; # maximum padding length.
randomize off; # enable randomize length.
strict_check off; # enable strict check.
exclusive_tail off; # extract last one octet.
}
# Retransmission and timeout settings for the IKE exchanges.
timer
{
counter 5;
interval 20 sec;
persend 1;
phase1 30 sec;
phase2 15 sec;
}
#log debug;
log notify;
# NOTE(review): with the listen block commented out racoon tries to bind
# UDP/500 on every address configured on the host. rc.conf (same post) also
# assigns 172.16.5.1 to gif0, so the same address presumably exists on two
# interfaces; that duplicate is the likely cause of "failed to bind to address
# 172.16.5.1[500] (Address already in use)" -- confirm with ifconfig, and if so
# either give gif0 a different inner address or restrict racoon with an
# explicit "listen { isakmp <public-address>; }" block.
#listen
#{
# isakmp 172.16.5.1;
#}
# Phase 1 (ISAKMP SA) settings, applied to any peer address.
remote anonymous
{
# NOTE(review): aggressive mode with a pre-shared key sends the PSK-derived
# hash before the exchange is encrypted, so a captured exchange allows offline
# guessing of the PSK; prefer main mode unless the SonicWall side requires
# aggressive mode, and use a long random PSK either way.
exchange_mode aggressive;
# Identifiers are the full public endpoints; the same addresses appear masked
# as 65.184.x.x / 24.168.x.x in ipsec.conf and rc.conf.
my_identifier address "65.184.55.226";
peers_identifier address "24.168.243.54";
lifetime time 28800 sec;
# phase 1 proposal (for ISAKMP SA)
# 3DES and MD5 are legacy algorithms kept for interoperability; AES and a SHA
# hash should be preferred when the peer supports them.
proposal {
encryption_algorithm 3des;
hash_algorithm md5;
authentication_method pre_shared_key;
dh_group 2;
}
# obey: as responder, accept the initiator's proposed lifetime -- presumably
# chosen for SonicWall interoperability; verify against racoon.conf(5).
proposal_check obey;
}
# phase 2 proposal (for IPsec SA).
# "anonymous" matches any peer; together with "remote anonymous" above, nothing
# in this file restricts which peer address may negotiate.
sainfo anonymous
{
pfs_group 2;
lifetime time 28800 sec;
encryption_algorithm 3des;
authentication_algorithm hmac_md5;
compression_algorithm deflate ;
}
cat /etc/ipsec.conf
# setkey(8) policy file, loaded at boot via ipsec_file in rc.conf.
# Mail wrapping split each spdadd statement after the trailing "-"; in the
# real file each spdadd is a single line ending in ";".
# flush clears the SAD, spdflush clears the SPD, before the policies are added.
flush;
spdflush;
# Outbound: local LAN -> remote LAN must be tunnelled in ESP between the two
# public endpoints (masked as x.x here; full addresses are in racoon.conf).
spdadd 172.16.5.0/24 192.168.50.0/24 any -P out ipsec esp/tunnel/65.184.x.x-
24.168.x.x/require;
# Inbound: mirror policy for remote LAN -> local LAN.
spdadd 192.168.50.0/24 172.16.5.0/24 any -P in ipsec esp/tunnel/24.168.x.x-
65.184.x.x/require;
cat /etc/rc.conf
# rc.conf excerpt: gif tunnel, static route to the remote LAN, service enables.
gif_interfaces="gif0"
# Outer (public) tunnel endpoints, masked in the post.
gifconfig_gif0="65.184.x.x 24.168.x.x"
# Inner tunnel addresses: 172.16.5.1 local, 192.168.50.1 remote, /32 mask.
# NOTE(review): 172.16.5.1 lies inside the 172.16.5.0/24 LAN shown in the
# diagram and is presumably also the LAN interface's address; racoon.conf has
# no listen block, so racoon binds UDP/500 on every configured address, and
# the same address on two interfaces would yield "Address already in use" --
# confirm with ifconfig.
ifconfig_gif0="inet 172.16.5.1 192.168.50.1 netmask 0xffffffff"
static_routes="vpn"
# Remote LAN is reached through gif0's far-end inner address.
route_vpn="192.168.50.0 192.168.50.1 netmask 255.255.255.0"
racoon_enable="YES"
# Log file only; racoon still reads /usr/local/etc/racoon/racoon.conf (see log).
racoon_flags="-l /var/log/racoon.log"
ipsec_enable="YES"
# Policy file handed to setkey at boot.
ipsec_file="/etc/ipsec.conf"
--
Lyle Scott, III
http://www.lylescott.ws