#65 racoon closes all listening sockets

0.6 branch

On a Linux/x86 system, about once every 2~4 weeks, racoon suddenly closes all listening sockets. There is no entry in the output of:

netstat -antup | grep racoon

when run as root.

There doesn't seem to be any unusual entry in the logs, other than SA expirations right before the sockets go away:

racoon: INFO: ISAKMP-SA expired[500]-[500] spi:1632fa5392c56738:2bf6d5a458859012
racoon: INFO: ISAKMP-SA deleted[500]-[500] spi:1632fa5392c56738:2bf6d5a458859012
racoon: INFO: IPsec-SA expired: AH/Transport[0]->[0] spi=99907246(0x5f476ae)
racoon: INFO: IPsec-SA expired: ESP/Transport[0]->[0] spi=18640305(0x11c6db1)
racoon: INFO: IPsec-SA expired: AH/Transport[0]->[0] spi=229707431(0xdb10ea7)
racoon: INFO: IPsec-SA expired: ESP/Transport[0]->[0] spi=176902503(0xa8b5167)

Immediately after that, racoon stops listening and can no longer be reached from other hosts. netstat shows no listening sockets for racoon. However, ps shows racoon is still running.

I'm not sure how to go about debugging this, so any suggestions on how more information can be extracted to track down the cause would be appreciated.

The system is on Linux kernel, running Debian/etch for i386.

ipsec-tools and racoon are both 0.6.6-3.1etch1

No sf.net account, so I can be reached at ramune@net-ronin.org
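One way to catch the state described in this report (racoon still in ps, but no racoon rows in `netstat -antup`) is a small check run as root from cron. This is an added example, not part of the original report and not ipsec-tools code. The log path and the sample netstat text are constructed for illustration; the pid file path is the one quoted later in this thread.

```shell
#!/bin/sh
# Added example, not from the ipsec-tools project.
# Classifies racoon's state from `netstat -antup` output read on stdin.
# $1 = 1 if the racoon process exists, 0 otherwise.
classify_racoon() {
    alive=$1
    # The last netstat column is "PID/Program name"; count racoon's rows.
    socks=$(awk '$NF ~ /^[0-9]+\/racoon$/ { n++ } END { print n + 0 }')
    if [ "$alive" -ne 1 ]; then
        echo "not-running"
    elif [ "$socks" -eq 0 ]; then
        echo "running-no-sockets"      # the symptom in this report
    else
        echo "sockets:$socks"
    fi
}

# Live check, meant to be run as root from cron. When it sees the symptom it
# appends the process's open descriptors to a log for later analysis.
# The log path is hypothetical; adjust both defaults to the local setup.
check_live() {
    pidfile=${1:-/var/run/racoon.pid}
    log=${2:-/var/tmp/racoon-nosock.log}
    pid=$(cat "$pidfile" 2>/dev/null) || pid=""
    alive=0
    if [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null; then alive=1; fi
    state=$(netstat -antup 2>/dev/null | classify_racoon "$alive")
    if [ "$state" = "running-no-sockets" ]; then
        { date; ls -l "/proc/$pid/fd"; } >> "$log" 2>&1
    fi
    echo "$state"
}

# Constructed sample input (not captured from the reporter's host).
SAMPLE_OK='Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN  812/sshd
udp        0      0 192.0.2.10:500   0.0.0.0:*                2071/racoon
udp        0      0 127.0.0.1:500    0.0.0.0:*                2071/racoon'
SAMPLE_GONE='Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN  812/sshd'
```

A racoon that still holds port 500 but has stopped answering, as in the comments below, reports `sockets:N` here and needs a different probe such as the strace capture.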


  • Nobody/Anonymous

    Logged In: NO

    I also use the same racoon version, but my kernel version is 2.6.16-2-686 (really old). Maybe I have similar problems. Once a week racoon stops responding to ISAKMP packets. I made a "strace -p `cat /var/run/racoon.pid` -tt -o /tmp/strace-racoon.log" to generate a system-calls log file. My racoon doesn't close listening sockets, but hangs in a read system call at file descriptor 4. Sometimes the read call finishes after some minutes, an hour or never. Next time I catch my racoon in such a state, I will do "netstat -antup | grep racoon" to verify whether this is the same or a different problem.


  • Nobody/Anonymous

    Logged In: NO

    I just caught my racoon in the "frozen" state. I did "netstat -antup | grep racoon" but racoon is still listening on port 500. So my problem must be different. Sorry.


  • Timo Teras

    Timo Teras - 2009-01-16
    • status: open --> closed
  • Timo Teras

    Timo Teras - 2009-01-16

    Closing all sourceforge.net bugs. If this issue has not been cared for please submit a new bug report to https://trac.ipsec-tools.net/ issue tracker. Thank you.

