ipsec and x509 certificate

Linux Advanced Routing and Traffic Control

Hi, I'm trying to get ipsec working with x509 certificates, however I
just can't seem to. I've hit a roadblock and was wondering if someone
could help me figure it out. My racoon.conf (I have it mirrored on the
connecting machine):

path pre_shared_key "/etc/racoon/psk.txt";
path certificate    "/etc/certs";

remote anonymous
{
    exchange_mode aggressive,main;

    my_identifier asn1dn;
    peers_identifier asn1dn;

    lifetime time 2 min;   # sec,min,hour
    initial_contact on;
    proposal_check obey;     # obey, strict or claim

    certificate_type x509 "slave1.public" "slave1.private";

    proposal {
            encryption_algorithm 3des;
            hash_algorithm sha1;
            authentication_method rsasig;
            dh_group 2 ;
    }
}

sainfo anonymous
{
    pfs_group 1;
    lifetime time 2 min;
    encryption_algorithm 3des ;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate ;
}

remote 192.168.0.29
{
    exchange_mode aggressive,main;
    my_identifier asn1dn;
    peers_identifier asn1dn;

    certificate_type x509 "slave1.public" "slave1.private";

    peers_certfile "slave2.public";

    proposal {
         encryption_algorithm 3des;
         hash_algorithm sha1;
         authentication_method rsasig;
         dh_group 2 ;
    }
}

My racoon.log says this:

2007-02-01 15:12:54: INFO: @(#)ipsec-tools 0.6.3 (http://ipsec-tools.sourceforge.net)
2007-02-01 15:12:54: INFO: @(#)This product linked OpenSSL 0.9.8d 28 Sep 2006 (http://www.openssl.org/)
2007-02-01 15:12:54: ERROR: failed to bind to address 127.0.0.1[500] (Address already in use).
2007-02-01 15:12:54: ERROR: failed to bind to address 207.179.73.150[500] (Address already in use).
2007-02-01 15:12:54: ERROR: failed to bind to address 192.168.1.2[500] (Address already in use).
2007-02-01 15:12:54: ERROR: failed to bind to address 192.168.0.1[500] (Address already in use).
2007-02-01 15:12:54: ERROR: no address could be bound.
2007-02-01 15:34:02: INFO: @(#)ipsec-tools 0.6.3 (http://ipsec-tools.sourceforge.net)
2007-02-01 15:34:02: INFO: @(#)This product linked OpenSSL 0.9.8d 28 Sep 2006 (http://www.openssl.org/)
2007-02-01 15:34:02: WARNING: /etc/racoon/racoon.conf:42: ""slave2.public" This directive without certtype will be removed!

2007-02-01 15:34:02: WARNING: /etc/racoon/racoon.conf:42: ""slave2.public" Please use 'peers_certfile x509 "slave2.public";' instead

2007-02-01 15:34:02: ERROR: failed to bind to address 127.0.0.1[500] (Address already in use).
2007-02-01 15:34:02: ERROR: failed to bind to address <my public IP>[500] (Address already in use).
2007-02-01 15:34:02: ERROR: failed to bind to address 192.168.1.2[500] (Address already in use).
2007-02-01 15:34:02: ERROR: failed to bind to address 192.168.0.1[500] (Address already in use).
2007-02-01 15:34:02: ERROR: no address could be bound.

How do I get it to be bound? Is it possible to have it not bound?
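
Added example, not part of the original post: "Address already in use" is the EADDRINUSE error, meaning some other socket already holds UDP port 500 on that address. The sketch below pulls the failed binds out of log lines in the format quoted above and probes whether each address/port is still taken; the sample log, `bind_failures` and `udp_port_in_use` are names constructed for this illustration.

```python
import errno
import re
import socket

# Constructed sample in the format of the racoon.log lines quoted in the post.
SAMPLE_LOG = """\
2007-02-01 15:34:02: INFO: @(#)ipsec-tools 0.6.3 (http://ipsec-tools.sourceforge.net)
2007-02-01 15:34:02: ERROR: failed to bind to address 127.0.0.1[500] (Address already in use).
2007-02-01 15:34:02: ERROR: failed to bind to address 192.168.0.1[500] (Address already in use).
2007-02-01 15:34:02: ERROR: no address could be bound.
"""

BIND_RE = re.compile(
    r"^(?P<ts>\S+ \S+): ERROR: failed to bind to address "
    r"(?P<addr>[^\[\s]+)\[(?P<port>\d+)\] \((?P<reason>[^)]*)\)")


def bind_failures(log_text):
    """Return (timestamp, address, port, reason) for each failed bind."""
    out = []
    for line in log_text.splitlines():
        m = BIND_RE.match(line)
        if m:
            out.append((m["ts"], m["addr"], int(m["port"]), m["reason"]))
    return out


def udp_port_in_use(addr, port):
    """True if binding a UDP socket to addr:port fails with EADDRINUSE,
    the same condition racoon logs as 'Address already in use'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.bind((addr, port))
    except OSError as e:
        if e.errno == errno.EADDRINUSE:
            return True
        raise  # e.g. EACCES for ports < 1024 without root, EADDRNOTAVAIL
    finally:
        s.close()
    return False


if __name__ == "__main__":
    for ts, addr, port, reason in bind_failures(SAMPLE_LOG):
        try:
            state = "still in use" if udp_port_in_use(addr, port) else "free now"
        except OSError as e:
            state = f"cannot probe ({e.strerror})"
        print(f"{ts} {addr}:{port} {reason} -> {state}")
```

Probing port 500 needs root; when the probe reports the port as still in use, the process holding it has to be stopped before a new IKE daemon can bind there.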