[Ipsec-tools-devel] Isakmpd Configuration Problem for Linux Kernel 2.6: UDP create error

[<ya...@fu...>]

<BODY><P>When I was running ipsec configuration using isakmpd under ipv6 protocol, the following messages appeared in the console:</P>
<P>154920.523250 Default udp_create: 2001:3:4:5::2:500 must exist as a listener too<BR>154920.523266 Default exchange_establish: transport "udp" for peer "hostB" could not be created<BR></P>
<P>At first I suspected that udp port 500 was occupied, so I ran command netstat -ua to check:</P>
<P>&nbsp;</P>
<P>Proto Recv-Q Send-Q Local Address&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Foreign Address&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; State<BR>udp&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0 *:32768&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; *:*<BR>
udp&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0 *:796&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; *:*<BR>udp&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0 *:5353&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; *:*<BR>
udp&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0 *:5353&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; *:*<BR>udp&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0 *:sunrpc&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; *:*<BR>
udp&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0 *:ipp&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; *:*<BR><BR>&nbsp;&nbsp;&nbsp; Seems that port 500 was vacant, and my configuration files are listed below:</P>
<P>isakmpd.conf</P>
<P>[General]<BR>Retransmits = 5<BR>Exchange-max-time = 120<BR>Listen-on=2001:3:4:5::2</P>
<P>[Phase 1]<BR>2001:3:4:5::1 = hostB</P>
<P>[Phase 2]<BR>Connections = HostC-HostB</P>
<P>[hostB]<BR>Phase = 1<BR>Local-address = 2001:3:4:5::2<BR>Address = 2001:3:4:5::1<BR>Configuration = Default-main-mode<BR>Authentication = thisispasswd</P>
<P>[HostC-HostB]<BR>Phase = 2<BR>ISAKMP-peer = hostB<BR>Configuration = Default-quick-mode<BR>Local-ID = Net-C<BR>Remote-ID = Net-B</P>
<P>[Net-C]<BR>ID-type = IPV6_ADDR<BR>Address = 2001:3:4:5::2</P>
<P>[Net-B]<BR>ID-type = IPV6_ADDR<BR>Address = 2001:3:4:5::2</P>
<P>[Default-main-mode]<BR>DOI = IPSEC<BR>EXCHANGE_TYPE = ID_PROT<BR>Transforms = 3DES-MD5</P>
<P>[Default-quick-mode]<BR>DOI = IPSEC<BR>EXCHANGE_TYPE = QUICK_MODE<BR>Suites = QM-ESP-3DES-MD5-PFS-SUITE<BR></P>
<P>isakmpd.policy</P>
<P>Athorizer: "POLICY"thorizer: "POLICY"<BR>Licensees: "passphrase:thisispasswd"<BR>Conditions:app_domain == "IPsec policy" &amp;&amp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (esp_present =="yes"<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ||ah_present=="yes")-&gt;"true";<BR></P>
<P>&nbsp;&nbsp;&nbsp;&nbsp; I don't know what was wrong with my configuration, can anyone tell me the proper cause of this problem? Thanks a lot.</P>
<P>Best Regards, Shen Yan Ran<BR><BR></P><BR><BR>Best Regards, Shen Yan Ran<BR><BR><BR><BR>Best Regards, Shen Yan Ran<BR><BR></BODY>