From: Paul W. <Pau...@ta...> - 2007-06-14 07:17:13

What's in your racoon.conf? I had more luck (on Linux) using interface dummy0 rather than eth0:1 as my private interface. Also, what's in your routing table? What does "ip route show" display?

Gabriel Somlo wrote:
> On 6/13/07, Joy Latten <la...@au...> wrote:
>
>>>pk_recv: retry[0] recv()
>>>get pfkey ACQUIRE message
>>>...
>>>some large hex blob
>>>...
>>>ignore because do not listen on source address: 192.168.123.234
>>>
>>>(that's my usual, "public" ip address on the machine I used).
>
> ...
>
>>You mentioned a sub-interface for eth0, is it 192.168.123.234?
>
>
> Before I connect to the VPN server, I have this:
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 100
>     link/ether 00:0b:db:7d:54:7d brd ff:ff:ff:ff:ff:ff
>     inet 192.168.123.234/24 brd 192.168.123.255 scope global eth0
>     inet6 fe80::20b:dbff:fe7d:547d/64 scope link
>        valid_lft forever preferred_lft forever
>
> After I connect, I get this:
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 100
>     link/ether 00:0b:db:7d:54:7d brd ff:ff:ff:ff:ff:ff
>     inet 192.168.123.234/24 brd 192.168.123.255 scope global eth0
>     inet 172.31.4.4/16 brd 172.31.255.255 scope global eth0:1
>     inet6 fe80::20b:dbff:fe7d:547d/64 scope link
>        valid_lft forever preferred_lft forever
>
> 172.31.4.4 is my vpn-server assigned client address, and shows up as eth0:1 in
> ifconfig.
>
> After looking at the racoon debug log once more, I noticed the
> following lines right
> after the phase1_up script was launched:
>
> 2007-06-13 16:42:42: ERROR: unsuitable address: eth0 172.31.4.4
> 2007-06-13 16:42:42: DEBUG: my interface: 192.168.123.234 (eth0)
> 2007-06-13 16:42:42: DEBUG: my interface: 127.0.0.1 (lo)
> 2007-06-13 16:42:42: DEBUG: configuring default isakmp port.
> 2007-06-13 16:42:42: DEBUG: 4 addrs are configured successfully
> 2007-06-13 16:42:42: ERROR: failed to bind to address 127.0.0.1[500]
> (Address already in use).
> 2007-06-13 16:42:42: ERROR: failed to bind to address
> 192.168.123.234[500] (Address already in use).
> 2007-06-13 16:42:42: ERROR: failed to bind to address ::1[500]
> (Address already in use).
> 2007-06-13 16:42:42: ERROR: failed to bind to address
> fe80::20b:dbff:fe7d:547d%eth0[500] (Address already in use).
> 2007-06-13 16:42:42: ERROR: no address could be bound.
> 2007-06-13 16:42:42: DEBUG: pk_recv: retry[0] recv()
> 2007-06-13 16:42:42: DEBUG: get pfkey REGISTER message
>
> However, the phase1_up script gets all the correct values, runs
> successfully, but
> anytime I try to send a packet through the tunnel to a new address, racoon gets
> an acquire and gives the error I was originally complaining about:
>
> 2007-06-13 16:43:37: DEBUG: pk_recv: retry[0] recv()
> 2007-06-13 16:43:37: DEBUG: get pfkey ACQUIRE message
> 2007-06-13 16:43:37: DEBUG: ignore because do not listen on source
> address : 192.168.123.234.
>
>
> Any clue as to what might happen is much appreciated !
>
> Thanks,
> Gabriel
>
> _______________________________________________
> Ipsec-tools-devel mailing list
> Ips...@li...
> https://lists.sourceforge.net/lists/listinfo/ipsec-tools-devel