[support] can't move to foreign network (dynamic keyring with racoon2)

Brama Subhifajar first_shaboo at yahoo.com
Mon Jun 29 07:39:05 JST 2009


Here is the command I used to debug:

#iked -Fddd -D 0 -l iked.log

Is this right?

The result for HA is:

2009-06-27 16:05:36 [INFO]: main.c:300:main(): starting iked for racoon2 20071227d
2009-06-27 16:05:36 [INFO]: main.c:303:main(): OPENSSLDIR: "/usr/lib/ssl"
2009-06-27 16:05:36 [INFO]: main.c:314:main(): reading config /etc/racoon2/racoon2.conf
2009-06-27 16:05:37 [DEBUG]: ike_pfkey.c:180:sadb_init(): pfkey_socket: 3
2009-06-27 16:05:37 [DEBUG]: ike_conf.c:4126:ike_conf_check_consistency(): checking configuration
2009-06-27 16:05:37 [DEBUG]: algorithm.c:499:alg_oakley_encdef(): encryption(aes)
2009-06-27 16:05:37 [DEBUG]: algorithm.c:499:alg_oakley_encdef(): encryption(3des)
2009-06-27 16:05:37 [INTERNAL_WARN]: ike_conf.c:3769:ike_conf_check_ikev2(): remote (default) ikev2 ipsec_sa_nego_time_limit configuration field support is unimplemented, ignored
2009-06-27 16:05:37 [INTERNAL_WARN]: ike_conf.c:4218:ike_conf_check_consistency(): configuration errors: 0, warnings: 1
2009-06-27 16:05:37 [DEBUG]: netlink.c:58:rtsock_init(): rtnetlink_socket: 4
2009-06-27 16:05:37 [DEBUG]: if_spmd.c:354: spmd I/F connection ok: 220 163958B35723536EF49BDA0B016FD62556F606BB
2009-06-27 16:05:37 [DEBUG]: cfsetup.c:3866: read 16 bytes
2009-06-27 16:05:37 [DEBUG]: if_spmd.c:416: spmd LOGIN ok: 250 OK
2009-06-27 16:05:37 [DEBUG]: ike_spmif.c:69:ike_spmif_init(): spmif_socket: 5
2009-06-27 16:05:37 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(127.0.0.1[500]): Address already in use
2009-06-27 16:05:37 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(::1[500]): Address already in use
2009-06-27 16:05:37 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(2001:db8:0:1::1[500]): Address already in use
2009-06-27 16:05:37 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(fe80::21a:92ff:fed6:3f45%eth0[500]): Address already in use
2009-06-27 16:05:37 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(2001:db8:0:2::1[500]): Address already in use
2009-06-27 16:05:37 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(fe80::21e:58ff:fe31:c1c3%eth1[500]): Address already in use
2009-06-27 16:05:37 [INFO]: main.c:417:main(): starting iked for racoon2 20071227d
2009-06-27 16:05:38 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(127.0.0.1[500]): Address already in use
2009-06-27 16:05:38 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(::1[500]): Address already in use
2009-06-27 16:05:38 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(2001:db8:0:1::1[500]): Address already in use
2009-06-27 16:05:38 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(fe80::21a:92ff:fed6:3f45%eth0[500]): Address already in use

And for MN it is:

2009-06-28 16:06:26 [INFO]: main.c:300:main(): starting iked for racoon2 20071227d
2009-06-28 16:06:26 [INFO]: main.c:303:main(): OPENSSLDIR: "/usr/lib/ssl"
2009-06-28 16:06:26 [INFO]: main.c:314:main(): reading config /etc/racoon2/racoon2.conf
2009-06-28 16:06:27 [DEBUG]: ike_pfkey.c:180:sadb_init(): pfkey_socket: 3
2009-06-28 16:06:27 [DEBUG]: ike_conf.c:4126:ike_conf_check_consistency(): checking configuration
2009-06-28 16:06:27 [DEBUG]: netlink.c:58:rtsock_init(): rtnetlink_socket: 4
2009-06-28 16:06:27 [DEBUG]: if_spmd.c:354: spmd I/F connection ok: 220 FD45AE5ECDA0BA8A15FEE940C9B41C56B2F425FB
2009-06-28 16:06:27 [DEBUG]: cfsetup.c:3866: read 16 bytes
2009-06-28 16:06:27 [DEBUG]: if_spmd.c:416: spmd LOGIN ok: 250 OK
2009-06-28 16:06:27 [DEBUG]: ike_spmif.c:69:ike_spmif_init(): spmif_socket: 5
2009-06-28 16:06:27 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(127.0.0.1[500]): Address already in use
2009-06-28 16:06:27 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(::1[500]): Address already in use
2009-06-28 16:06:27 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(2001:db8:0:2:221:63ff:fe30:5e7b[500]): Address already in use
2009-06-28 16:06:27 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(fe80::221:63ff:fe30:5e7b%ath0[500]): Address already in use
2009-06-28 16:06:27 [INFO]: main.c:417:main(): starting iked for racoon2 20071227d
2009-06-28 16:06:27 [DEBUG]: netlink.c:87:rtsock_process(): reading netlink socket
2009-06-28 16:06:27 [DEBUG]: netlink.c:89:rtsock_process(): len 64
2009-06-28 16:06:27 [DEBUG]: netlink.c:111:rtsock_process(): type 20
2009-06-28 16:06:27 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(127.0.0.1[500]): Address already in use
2009-06-28 16:06:27 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(::1[500]): Address already in use
2009-06-28 16:06:27 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(2001:db8:0:2:221:63ff:fe30:5e7b[500]): Address already in use
2009-06-28 16:06:27 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(fe80::221:63ff:fe30:5e7b%ath0[500]): Address already in use
2009-06-28 16:06:28 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(127.0.0.1[500]): Address already in use
2009-06-28 16:06:28 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(::1[500]): Address already in use
2009-06-28 16:06:28 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(2001:db8:0:2:221:63ff:fe30:5e7b[500]): Address already in use
2009-06-28 16:06:28 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(fe80::221:63ff:fe30:5e7b%ath0[500]): Address already in use
2009-06-28 16:06:28 [DEBUG]: netlink.c:87:rtsock_process(): reading netlink socket
2009-06-28 16:06:28 [DEBUG]: netlink.c:89:rtsock_process(): len 64
2009-06-28 16:06:28 [DEBUG]: netlink.c:111:rtsock_process(): type 20
2009-06-28 16:06:28 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(127.0.0.1[500]): Address already in use
2009-06-28 16:06:28 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(::1[500]): Address already in use
2009-06-28 16:06:28 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(2001:db8:0:2:221:63ff:fe30:5e7b[500]): Address already in use
2009-06-28 16:06:28 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(fe80::221:63ff:fe30:5e7b%ath0[500]): Address already in use
2009-06-28 16:06:29 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(127.0.0.1[500]): Address already in use
2009-06-28 16:06:29 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(::1[500]): Address already in use
2009-06-28 16:06:29 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(2001:db8:0:2:221:63ff:fe30:5e7b[500]): Address already in use
2009-06-28 16:06:29 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(fe80::221:63ff:fe30:5e7b%ath0[500]): Address already in use
2009-06-28 16:06:30 [DEBUG]: netlink.c:87:rtsock_process(): reading netlink socket
2009-06-28 16:06:30 [DEBUG]: netlink.c:89:rtsock_process(): len 64
2009-06-28 16:06:30 [DEBUG]: netlink.c:111:rtsock_process(): type 20



________________________________
From: "support-request at ml.nautilus6.org" <support-request at ml.nautilus6.org>
To: support at ml.nautilus6.org
Sent: Saturday, 27 June 2009 10:00:01
Subject: Support Digest, Vol 44, Issue 15


Message: 1
Date: Sat, 27 Jun 2009 11:38:56 +0900
From: Sebastien Decugis <sdecugis at hongo.wide.ad.jp>
Subject: Re: [support] can't move to foreign network (dynamic keyring
    with racoon2)
To: Brama Subhifajar <first_shaboo at yahoo.com>
Cc: support at ml.nautilus6.org
Message-ID: <4A458640.30005 at hongo.wide.ad.jp>
Content-Type: text/plain; charset=UTF-8


> I try with sending ping to CN, when daemon mip6d is started (going to
> home network) there is "invalid argument" message error then replay
> again from CN.
> 
> but when I move to foreign network the debug mip6d daemon is not run
> again and ping message say "invalid argument" then say "operation not
> permitted", after that I can't back or move to other network.
> 
> can somebody help me?


It looks like your SA are not created properly. Try debugging IKEv2
exchange first...

Regards,
Sebastien.

