[support] can't move to foreign network (dynamic keyring with racoon2)

Brama Subhifajar first_shaboo at yahoo.com
Mon Jun 29 17:31:32 JST 2009


hi,

yes, it is another iked running (started by default at startup; I think this configuration is from the installer):

root@cnc-111040277-HA:~# ps aux |grep spmd
root      5099  0.0  0.1   3364   952 ?        Ss   15:13   0:00 /usr/sbin/spmd
root      6011  0.0  0.1   2976   752 pts/0    R+   15:24   0:00 grep spmd
root@cnc-111040277-HA:~# ps aux |grep iked
root      5206  0.0  0.1   3708   728 ?        Ss   15:13   0:00 /usr/sbin/iked
root      6013  0.0  0.1   2972   748 pts/0    R+   15:24   0:00 grep iked
root@cnc-111040277-HA:~# kill 5099 5206
root@cnc-111040277-HA:~# ps aux |grep spmd
root      6015  0.0  0.1   2976   748 pts/0    R+   15:24   0:00 grep spmd
root@cnc-111040277-HA:~# ps aux |grep iked
root      6017  0.0  0.1   2976   752 pts/0    R+   15:24   0:00 grep iked
root@cnc-111040277-HA:~#

I stopped iked and ran the new one with "spmd -Fddd" and "iked -Fddd -D 0 -l iked.log", but I still can't move to the foreign network.

Here is the iked log:

===> HA

2009-06-28 15:00:15 [INFO]: main.c:300:main(): starting iked for racoon2 20071227d
2009-06-28 15:00:15 [INFO]: main.c:303:main(): OPENSSLDIR: "/usr/lib/ssl"
2009-06-28 15:00:15 [INFO]: main.c:314:main(): reading config /etc/racoon2/racoon2.conf
2009-06-28 15:00:16 [DEBUG]: ike_pfkey.c:180:sadb_init(): pfkey_socket: 3
2009-06-28 15:00:16 [DEBUG]: ike_conf.c:4126:ike_conf_check_consistency(): checking configuration
2009-06-28 15:00:16 [DEBUG]: algorithm.c:499:alg_oakley_encdef(): encryption(aes)
2009-06-28 15:00:16 [DEBUG]: algorithm.c:499:alg_oakley_encdef(): encryption(3des)
2009-06-28 15:00:16 [INTERNAL_WARN]: ike_conf.c:3769:ike_conf_check_ikev2(): remote (default) ikev2 ipsec_sa_nego_time_limit configuration field support is unimplemented, ignored
2009-06-28 15:00:16 [INTERNAL_WARN]: ike_conf.c:4218:ike_conf_check_consistency(): configuration errors: 0, warnings: 1
2009-06-28 15:00:16 [DEBUG]: netlink.c:58:rtsock_init(): rtnetlink_socket: 4
2009-06-28 15:00:16 [DEBUG]: if_spmd.c:354: spmd I/F connection ok: 220 3A3FCA59F9B3FC1F7F7E3DA08040EB10CCBC6FFF
2009-06-28 15:00:16 [DEBUG]: cfsetup.c:3866: read 16 bytes
2009-06-28 15:00:16 [DEBUG]: if_spmd.c:416: spmd LOGIN ok: 250 OK
2009-06-28 15:00:16 [DEBUG]: ike_spmif.c:69:ike_spmif_init(): spmif_socket: 5
2009-06-28 15:00:16 [DEBUG]: isakmp.c:529:isakmp_open_address(): socket 6 bind 127.0.0.1[500]
2009-06-28 15:00:16 [DEBUG]: isakmp.c:529:isakmp_open_address(): socket 7 bind ::1[500]
2009-06-28 15:00:16 [DEBUG]: isakmp.c:529:isakmp_open_address(): socket 8 bind 2001:db8:0:1::1[500]
2009-06-28 15:00:16 [DEBUG]: isakmp.c:529:isakmp_open_address(): socket 9 bind fe80::21a:92ff:fed6:3f45%eth0[500]
2009-06-28 15:00:16 [DEBUG]: isakmp.c:529:isakmp_open_address(): socket 10 bind 2001:db8:0:2::1[500]
2009-06-28 15:00:16 [DEBUG]: isakmp.c:529:isakmp_open_address(): socket 11 bind fe80::21e:58ff:fe31:c1c3%eth1[500]
2009-06-28 15:00:16 [INFO]: main.c:417:main(): starting iked for racoon2 20071227d
2009-06-28 15:10:29 [DEBUG]: if_pfkeyv2.c:279: X_SPDDELETE2 message is not interesting because pid 5932 is not mine
2009-06-28 15:10:29 [DEBUG]: if_pfkeyv2.c:279: X_SPDDELETE2 message is not interesting because pid 5932 is not mine
2009-06-28 15:10:29 [DEBUG]: if_pfkeyv2.c:279: X_SPDDELETE2 message is not interesting because pid 5932 is not mine
2009-06-28 15:10:29 [DEBUG]: if_pfkeyv2.c:279: X_SPDDELETE2 message is not interesting because pid 5932 is not mine
2009-06-28 15:10:29 [INTERNAL_ERR]: if_spmd.c:1011: spmd I/F: closed
2009-06-28 15:10:29 [INTERNAL_ERR]: ike_spmif.c:87:ike_spmif_poll(): 0:? - ?:(nil):spmd I/F broken: This is fatal and iked needs to be restarted
2009-06-28 15:10:29 [INFO]: main.c:530:iked_exit(): exiting (code 1)

==> MN

2009-06-29 08:07:12 [INFO]: main.c:300:main(): starting iked for racoon2 20071227d
2009-06-29 08:07:12 [INFO]: main.c:303:main(): OPENSSLDIR: "/usr/lib/ssl"
2009-06-29 08:07:12 [INFO]: main.c:314:main(): reading config /etc/racoon2/racoon2.conf
2009-06-29 08:07:12 [DEBUG]: ike_pfkey.c:180:sadb_init(): pfkey_socket: 3
2009-06-29 08:07:12 [DEBUG]: ike_conf.c:4126:ike_conf_check_consistency(): checking configuration
2009-06-29 08:07:12 [DEBUG]: netlink.c:58:rtsock_init(): rtnetlink_socket: 4
2009-06-29 08:07:12 [DEBUG]: if_spmd.c:354: spmd I/F connection ok: 220 31C5A59937C8B828650FD6F3AEF43DC5A8E5CA39
2009-06-29 08:07:12 [DEBUG]: cfsetup.c:3866: read 16 bytes
2009-06-29 08:07:12 [DEBUG]: if_spmd.c:416: spmd LOGIN ok: 250 OK
2009-06-29 08:07:12 [DEBUG]: ike_spmif.c:69:ike_spmif_init(): spmif_socket: 5
2009-06-29 08:07:12 [DEBUG]: isakmp.c:529:isakmp_open_address(): socket 6 bind 127.0.0.1[500]
2009-06-29 08:07:12 [DEBUG]: isakmp.c:529:isakmp_open_address(): socket 7 bind ::1[500]
2009-06-29 08:07:12 [DEBUG]: isakmp.c:529:isakmp_open_address(): socket 8 bind 2001:db8:0:2:221:63ff:fe30:5e7b[500]
2009-06-29 08:07:12 [DEBUG]: isakmp.c:529:isakmp_open_address(): socket 9 bind fe80::221:63ff:fe30:5e7b%ath0[500]
2009-06-29 08:07:12 [INFO]: main.c:417:main(): starting iked for racoon2 20071227d
2009-06-29 08:07:14 [DEBUG]: netlink.c:87:rtsock_process(): reading netlink socket
2009-06-29 08:07:14 [DEBUG]: netlink.c:89:rtsock_process(): len 64
2009-06-29 08:07:14 [DEBUG]: netlink.c:111:rtsock_process(): type 20
   .
   .
   .
2009-06-29 08:07:39 [DEBUG]: netlink.c:89:rtsock_process(): len 64
2009-06-29 08:07:39 [DEBUG]: netlink.c:111:rtsock_process(): type 20
2009-06-29 08:07:39 [DEBUG]: isakmp.c:529:isakmp_open_address(): socket 10 bind 2001:db8:0:2::2[500]
2009-06-29 08:07:39 [DEBUG]: isakmp.c:529:isakmp_open_address(): socket 11 bind fe80::221:63ff:fe30:5e7b%ip6tnl1[500]
2009-06-29 08:07:39 [DEBUG]: netlink.c:87:rtsock_process(): reading netlink socket
2009-06-29 08:07:39 [DEBUG]: netlink.c:89:rtsock_process(): len 656
   .
   .
   .
2009-06-29 08:08:22 [DEBUG]: netlink.c:89:rtsock_process(): len 64
2009-06-29 08:08:22 [DEBUG]: netlink.c:111:rtsock_process(): type 21
2009-06-29 08:08:22 [DEBUG]: isakmp.c:323:isakmp_close_socklist(): closing socket 8 bind 2001:db8:0:2:221:63ff:fe30:5e7b[500]
2009-06-29 08:08:25 [DEBUG]: netlink.c:87:rtsock_process(): reading netlink socket
2009-06-29 08:08:25 [DEBUG]: netlink.c:89:rtsock_process(): len 64
2009-06-29 08:08:25 [DEBUG]: netlink.c:111:rtsock_process(): type 21
2009-06-29 08:08:25 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(2001:db8:0:3:221:63ff:fe30:5e7b[500]): Cannot assign requested address
2009-06-29 08:08:25 [DEBUG]: netlink.c:87:rtsock_process(): reading netlink socket
2009-06-29 08:08:25 [DEBUG]: netlink.c:89:rtsock_process(): len 640
2009-06-29 08:08:25 [DEBUG]: netlink.c:111:rtsock_process(): type 16
2009-06-29 08:08:25 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(2001:db8:0:3:221:63ff:fe30:5e7b[500]): Cannot assign requested address
2009-06-29 08:08:25 [DEBUG]: netlink.c:87:rtsock_process(): reading netlink socket
2009-06-29 08:08:25 [DEBUG]: netlink.c:89:rtsock_process(): len 640
2009-06-29 08:08:25 [DEBUG]: netlink.c:111:rtsock_process(): type 16
2009-06-29 08:08:25 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(2001:db8:0:3:221:63ff:fe30:5e7b[500]): Cannot assign requested address
2009-06-29 08:08:26 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(2001:db8:0:3:221:63ff:fe30:5e7b[500]): Cannot assign requested address
2009-06-29 08:08:26 [DEBUG]: netlink.c:87:rtsock_process(): reading netlink socket
2009-06-29 08:08:26 [DEBUG]: netlink.c:89:rtsock_process(): len 64
2009-06-29 08:08:26 [DEBUG]: netlink.c:111:rtsock_process(): type 20
2009-06-29 08:08:26 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(2001:db8:0:3:221:63ff:fe30:5e7b[500]): Cannot assign requested address
2009-06-29 08:08:27 [DEBUG]: netlink.c:87:rtsock_process(): reading netlink socket
2009-06-29 08:08:27 [DEBUG]: netlink.c:89:rtsock_process(): len 64
2009-06-29 08:08:27 [DEBUG]: netlink.c:111:rtsock_process(): type 20
2009-06-29 08:08:27 [DEBUG]: isakmp.c:529:isakmp_open_address(): socket 8 bind 2001:db8:0:3:221:63ff:fe30:5e7b[500]
2009-06-29 08:08:27 [DEBUG]: netlink.c:87:rtsock_process(): reading netlink socket
2009-06-29 08:08:27 [DEBUG]: netlink.c:89:rtsock_process(): len 64
2009-06-29 08:08:27 [DEBUG]: netlink.c:111:rtsock_process(): type 20
2009-06-29 08:08:27 [DEBUG]: netlink.c:87:rtsock_process(): reading netlink socket
2009-06-29 08:08:27 [DEBUG]: netlink.c:89:rtsock_process(): len 64
2009-06-29 08:08:27 [DEBUG]: netlink.c:111:rtsock_process(): type 21
2009-06-29 08:08:27 [DEBUG]: ike_pfkey.c:723:sadb_x_migrate_callback(): sadb_x_migrate_callback: dir=outbound, sa_src=::[0], sa_dst=::[0], sa2_src=2001:db8:0:3:221:63ff:fe30:5e7b[0], sa2_dst=2001:db8:0:2::1[0], kma_loc=2001:db8:0:3:221:63ff:fe30:5e7b[0], kma_remote=2001:db8:0:2::1[0]
2009-06-29 08:08:27 [DEBUG]: ike_pfkey.c:723:sadb_x_migrate_callback(): sadb_x_migrate_callback: dir=inbound, sa_src=::[0], sa_dst=::[0], sa2_src=2001:db8:0:2::1[0], sa2_dst=2001:db8:0:3:221:63ff:fe30:5e7b[0], kma_loc=2001:db8:0:3:221:63ff:fe30:5e7b[0], kma_remote=2001:db8:0:2::1[0]
2009-06-29 08:08:27 [DEBUG]: ike_pfkey.c:723:sadb_x_migrate_callback(): sadb_x_migrate_callback: dir=outbound, sa_src=::[0], sa_dst=::[0], sa2_src=2001:db8:0:3:221:63ff:fe30:5e7b[0], sa2_dst=2001:db8:0:2::1[0], kma_loc=2001:db8:0:3:221:63ff:fe30:5e7b[0], kma_remote=2001:db8:0:2::1[0]
2009-06-29 08:08:27 [DEBUG]: ike_pfkey.c:723:sadb_x_migrate_callback(): sadb_x_migrate_callback: dir=inbound, sa_src=::[0], sa_dst=::[0], sa2_src=2001:db8:0:2::1[0], sa2_dst=2001:db8:0:3:221:63ff:fe30:5e7b[0], kma_loc=2001:db8:0:3:221:63ff:fe30:5e7b[0], kma_remote=2001:db8:0:2::1[0]
2009-06-29 08:08:27 [DEBUG]: ike_pfkey.c:723:sadb_x_migrate_callback(): sadb_x_migrate_callback: dir=outbound, sa_src=2001:db8:0:2::2[0], sa_dst=2001:db8:0:2::1[0], sa2_src=2001:db8:0:3:221:63ff:fe30:5e7b[0], sa2_dst=2001:db8:0:2::1[0], kma_loc=2001:db8:0:3:221:63ff:fe30:5e7b[0], kma_remote=2001:db8:0:2::1[0]
2009-06-29 08:08:27 [INFO]: ike_pfkey.c:808:sadb_x_migrate_callback(): move selector(0x80f15f8) with sl_index(TunnelPayload_out)
2009-06-29 08:08:27 [DEBUG]: ike_pfkey.c:723:sadb_x_migrate_callback(): sadb_x_migrate_callback: dir=inbound, sa_src=2001:db8:0:2::1[0], sa_dst=2001:db8:0:2::2[0], sa2_src=2001:db8:0:2::1[0], sa2_dst=2001:db8:0:3:221:63ff:fe30:5e7b[0], kma_loc=2001:db8:0:3:221:63ff:fe30:5e7b[0], kma_remote=2001:db8:0:2::1[0]
2009-06-29 08:08:27 [DEBUG]: ike_pfkey.c:624:sadb_acquire_callback(): sadb_acquire_callback: seq=1 satype=96 sa_src=2001:db8:0:2::2[0] sa_dst=2001:db8:0:2::1[0] ike_loc=(null) samode=92 selid=177
2009-06-29 08:08:27 [DEBUG]: if_spmd.c:847: SLID ok: 250 HomeRegBinding_out
2009-06-29 08:08:27 [DEBUG]: ikev2.c:751:ikev2_initiate(): creating new ike_sa
2009-06-29 08:08:27 [DEBUG]: ike_sa.c:412:ikev2_allocate_sa(): ikev2_create_sa((nil), 2001:db8:0:3:221:63ff:fe30:5e7b[500], 2001:db8:0:2::1[500], 0x80f6848)
2009-06-29 08:08:27 [DEBUG]: ike_sa.c:415:ikev2_allocate_sa(): sa: 0x80f6b68
2009-06-29 08:08:27 [DEBUG]: ikev2.c:781:ikev2_initiate(): child_sa: 0x80f6d40
2009-06-29 08:08:27 [DEBUG]: ikev2_child.c:139:ikev2_child_state_set(): child_sa 0x80f6d40 state IDLING -> GETSPI
2009-06-29 08:08:27 [DEBUG]: ike_pfkey.c:271:sadb_getspi(): sadb_getspi: seq=1, satype=96
2009-06-29 08:08:27 [DEBUG]: ike_pfkey.c:461:sadb_getspi_callback(): sadb_getspi_callback: seq=1, spi=0x09ef9529, satype=96, sa_src=2001:db8:0:2::1[0], sa_dst=2001:db8:0:2::2[0]
2009-06-29 08:08:27 [DEBUG]: ikev2_child.c:139:ikev2_child_state_set(): child_sa 0x80f6d40 state GETSPI -> GETSPI_DONE
2009-06-29 08:08:27 [DEBUG]: ikev2.c:853:ikev2_initiator_start(): no DH group defined for peer
2009-06-29 08:08:27 [INTERNAL_ERR]: ikev2.c:934:ikev2_initiator_start(): 1:2001:db8:0:3:221:63ff:fe30:5e7b[500] - 2001:db8:0:2::1[500]:(nil):failed to send IKE_SA_INIT
2009-06-29 08:08:27 [DEBUG]: ike_sa.c:263:ikev2_abort(): ikev2_abort(0x80f6b68, 111)
2009-06-29 08:08:27 [INFO]: ike_sa.c:264:ikev2_abort(): 1:2001:db8:0:3:221:63ff:fe30:5e7b[500] - 2001:db8:0:2::1[500]:(nil):aborting ike_sa
2009-06-29 08:08:27 [DEBUG]: ikev2.c:653:ikev2_set_state(): 1:2001:db8:0:3:221:63ff:fe30:5e7b[500] - 2001:db8:0:2::1[500]:(nil):ike_sa 0x80f6b68 state IDLING -> DYING
2009-06-29 08:08:27 [DEBUG]: ike_sa.c:271:ikev2_abort(): child_sa 0x80f6d40 state 2
2009-06-29 08:08:27 [DEBUG]: ikev2_child.c:139:ikev2_child_state_set(): child_sa 0x80f6d40 state GETSPI_DONE -> EXPIRED
2009-06-29 08:08:27 [DEBUG]: ikev2.c:653:ikev2_set_state(): 1:2001:db8:0:3:221:63ff:fe30:5e7b[500] - 2001:db8:0:2::1[500]:(nil):ike_sa 0x80f6b68 state DYING -> DEAD
2009-06-29 08:08:30 [DEBUG]: ike_sa.c:225:ikev2_sa_periodic_task(): ike_sa: 0x80f6b68 state 8
2009-06-29 08:08:30 [DEBUG]: ike_sa.c:230:ikev2_sa_periodic_task(): child_sa: 0x80f6d40 state 5
2009-06-29 08:08:30 [DEBUG]: ike_sa.c:234:ikev2_sa_periodic_task(): deallocating child_sa 0x80f6d40
2009-06-29 08:08:30 [DEBUG]: ike_pfkey.c:257:sadb_request_finish(): 0x80f6d58
2009-06-29 08:08:30 [DEBUG]: ike_sa.c:242:ikev2_sa_periodic_task(): deallocating ike_sa 0x80f6b68
2009-06-29 08:08:30 [DEBUG]: ike_sa.c:837:ikev2_dispose_sa(): ikev2_dispose_sa(0x80f6b68)
2009-06-29 08:08:52 [INFO]: main.c:639:handle_sigint(): received SIGINT
2009-06-29 08:08:52 [INFO]: main.c:664:terminate_iked(): exiting iked


Thanks in advance.







________________________________
From: "support-request at ml.nautilus6.org" <support-request at ml.nautilus6.org>
To: support at ml.nautilus6.org
Sent: Monday, 29 June 2009 10:00:02
Subject: Support Digest, Vol 44, Issue 17


Message: 1
Date: Mon, 29 Jun 2009 08:27:07 +0900
From: Sebastien Decugis <sdecugis at hongo.wide.ad.jp>
Subject: Re: [support] can't move to foreign network (dynamic keyring
    with racoon2)
To: Brama Subhifajar <first_shaboo at yahoo.com>
Cc: support at ml.nautilus6.org
Message-ID: <4A47FC4B.6040306 at hongo.wide.ad.jp>
Content-Type: text/plain; charset=UTF-8

> 2009-06-27 16:05:37 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address():
> bind(127.0.0.1[500]): Address already in use
> 2009-06-27 16:05:37 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address():
> bind(::1[500]): Address already in use
> 2009-06-27 16:05:37 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address():
> bind(2001:db8:0:1::1[500]): Address already in use
> 2009-06-27 16:05:37 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address():
> bind(fe80::21a:92ff:fed6:3f45%eth0[500]): Address already in use
> 2009-06-27 16:05:37 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address():
> bind(2001:db8:0:2::1[500]): Address already in use
> 2009-06-27 16:05:37 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address():
> bind(fe80::21e:58ff:fe31:c1c3%eth1[500]): Address already in use

It seems that something is already bound on your port 500. (several
instances of iked or another daemon maybe). Fix this issue first before
attempting to have working dynamic keying with mip6d.

Best regards,
Sebastien.
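
A triage sketch for the iked logs in this thread, added here as an example (it is not part of the original messages or of racoon2): it groups INTERNAL_ERR lines by cause, separating the "Address already in use" binds quoted in the reply from the later "Cannot assign requested address" binds, and keeps the log line that precedes a failed IKE_SA_INIT. The `triage` function and the class names are assumptions; the sample lines are taken from the logs above, with the wrapped one rejoined.

```python
import re
from collections import Counter
# Sample lines taken from the logs in this thread (the wrapped one rejoined).
SAMPLE = """\
2009-06-27 16:05:37 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(::1[500]): Address already in use
2009-06-28 15:10:29 [INTERNAL_ERR]: if_spmd.c:1011: spmd I/F: closed
2009-06-29 08:08:25 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(2001:db8:0:3:221:63ff:fe30:5e7b[500]): Cannot assign requested address
2009-06-29 08:08:26 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(2001:db8:0:3:221:63ff:fe30:5e7b[500]): Cannot assign requested address
2009-06-29 08:08:27 [DEBUG]: isakmp.c:529:isakmp_open_address(): socket 8 bind 2001:db8:0:3:221:63ff:fe30:5e7b[500]
2009-06-29 08:08:27 [DEBUG]: ikev2.c:853:ikev2_initiator_start(): no DH group defined for peer
2009-06-29 08:08:27 [INTERNAL_ERR]: ikev2.c:934:ikev2_initiator_start(): 1:2001:db8:0:3:221:63ff:fe30:5e7b[500] - 2001:db8:0:2::1[500]:(nil):failed to send IKE_SA_INIT
"""
LINE = re.compile(r"^(\S+ \S+) \[(\w+)\]: (.*)$")          # timestamp, level, message
BIND_ERR = re.compile(r"bind\((.+)\[(\d+)\]\): (.+)$")     # address, port, errno text
BIND_OK = re.compile(r"socket \d+ bind (.+)\[(\d+)\]$")    # successful bind
BIND_CLASS = {  # errno text -> triage class (class names are assumptions)
    "Address already in use": "port-in-use",               # another process holds the socket
    "Cannot assign requested address": "addr-not-ready",   # address not (yet) on a local interface
}

def triage(text):
    """Group iked INTERNAL_ERR lines by cause; keep the line before an IKE_SA_INIT failure."""
    counts, pending, recovered, init_ctx = Counter(), set(), set(), []
    prev = ""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # elided or wrapped lines
        level, msg = m.group(2), m.group(3)
        ok = BIND_OK.search(msg)
        if ok and ok.group(1) in pending:  # a bind that failed earlier now succeeds
            pending.discard(ok.group(1))
            recovered.add(ok.group(1))
        if level == "INTERNAL_ERR":
            err = BIND_ERR.search(msg)
            if err:
                cls = BIND_CLASS.get(err.group(3), "bind-other")
                counts[cls] += 1
                if cls == "addr-not-ready":
                    pending.add(err.group(1))
            elif "spmd I/F" in msg:
                counts["spmd-link-lost"] += 1
            elif "failed to send IKE_SA_INIT" in msg:
                counts["ike-init-failed"] += 1
                init_ctx.append(prev.split("(): ", 1)[-1])  # message of the preceding line
        prev = msg
    return {"counts": dict(counts), "recovered": sorted(recovered),
            "still_failing": sorted(pending), "init_context": init_ctx}
```

Run over a full `iked.log`, a non-empty `still_failing` list means a bind never succeeded after the move, while `init_context` shows what iked logged immediately before giving up on IKE_SA_INIT.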

