<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman,new york,times,serif;font-size:12pt"><div><div>here is command I used to debug :<br>
<font size="3"><span style="font-weight: normal;"><br>
#iked -Fddd -D 0 -l iked.log<br>
<br>
</span></font></div><font size="3"><span style="font-weight: normal;">is this right?<br>
<br>
the result for HA is:<br>
<br>
2009-06-27 16:05:36 [INFO]: main.c:300:main(): starting iked for racoon2 20071227d<br>2009-06-27 16:05:36 [INFO]: main.c:303:main(): OPENSSLDIR: "/usr/lib/ssl"<br>2009-06-27 16:05:36 [INFO]:
main.c:314:main(): reading config /etc/racoon2/racoon2.conf<br>2009-06-27 16:05:37 [DEBUG]: ike_pfkey.c:180:sadb_init(): pfkey_socket: 3<br>2009-06-27 16:05:37 [DEBUG]: ike_conf.c:4126:ike_conf_check_consistency(): checking configuration<br>2009-06-27 16:05:37 [DEBUG]: algorithm.c:499:alg_oakley_encdef(): encryption(aes)<br>2009-06-27 16:05:37 [DEBUG]: algorithm.c:499:alg_oakley_encdef(): encryption(3des)<br>2009-06-27
16:05:37 [INTERNAL_WARN]: ike_conf.c:3769:ike_conf_check_ikev2():
remote (default) ikev2 ipsec_sa_nego_time_limit configuration field
support is unimplemented, ignored<br>2009-06-27 16:05:37 [INTERNAL_WARN]: ike_conf.c:4218:ike_conf_check_consistency(): configuration errors: 0, warnings: 1<br>2009-06-27 16:05:37 [DEBUG]: netlink.c:58:rtsock_init(): rtnetlink_socket: 4<br>2009-06-27 16:05:37 [DEBUG]: if_spmd.c:354: spmd I/F connection ok: 220 163958B35723536EF49BDA0B016FD62556F606BB<br>2009-06-27 16:05:37 [DEBUG]: cfsetup.c:3866: read 16
bytes<br>2009-06-27 16:05:37 [DEBUG]: if_spmd.c:416: spmd LOGIN ok: 250 OK<br>2009-06-27 16:05:37 [DEBUG]: ike_spmif.c:69:ike_spmif_init(): spmif_socket: 5<br>2009-06-27 16:05:37 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(127.0.0.1[500]): Address already in use<br>2009-06-27 16:05:37 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(::1[500]): Address already in use<br>2009-06-27 16:05:37 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(2001:db8:0:1::1[500]): Address already in use<br>2009-06-27
16:05:37 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address():
bind(fe80::21a:92ff:fed6:3f45%eth0[500]): Address already in use<br>2009-06-27 16:05:37 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(2001:db8:0:2::1[500]): Address already in use<br>2009-06-27
16:05:37 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address():
bind(fe80::21e:58ff:fe31:c1c3%eth1[500]): Address already in use<br>2009-06-27 16:05:37 [INFO]:
main.c:417:main(): starting iked for racoon2 20071227d<br>2009-06-27 16:05:38 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(127.0.0.1[500]): Address already in use<br>2009-06-27 16:05:38 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(::1[500]): Address already in use<br>2009-06-27 16:05:38 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(2001:db8:0:1::1[500]): Address already in use<br>2009-06-27
16:05:38 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address():
bind(fe80::21a:92ff:fed6:3f45%eth0[500]): Address already in use<br>
<br>
</span></font>and for MN is :<br>
<br>
2009-06-28 16:06:26 [INFO]: main.c:300:main(): starting iked
for racoon2 20071227d<br>
2009-06-28 16:06:26 [INFO]: main.c:303:main(): OPENSSLDIR: "/usr/lib/ssl"<br>
2009-06-28 16:06:26 [INFO]: main.c:314:main(): reading config /etc/racoon2/racoon2.conf<br>
2009-06-28 16:06:27 [DEBUG]: ike_pfkey.c:180:sadb_init(): pfkey_socket: 3<br>
2009-06-28 16:06:27 [DEBUG]: ike_conf.c:4126:ike_conf_check_consistency(): checking configuration<br>
2009-06-28 16:06:27 [DEBUG]: netlink.c:58:rtsock_init(): rtnetlink_socket: 4<br>
2009-06-28 16:06:27 [DEBUG]: if_spmd.c:354: spmd I/F connection ok: 220 FD45AE5ECDA0BA8A15FEE940C9B41C56B2F425FB<br>
2009-06-28 16:06:27 [DEBUG]: cfsetup.c:3866: read 16 bytes<br>
2009-06-28 16:06:27 [DEBUG]: if_spmd.c:416: spmd LOGIN ok: 250 OK<br>
2009-06-28 16:06:27 [DEBUG]: ike_spmif.c:69:ike_spmif_init(): spmif_socket: 5<br>
2009-06-28 16:06:27 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(127.0.0.1[500]): Address already in use<br>
2009-06-28 16:06:27 [INTERNAL_ERR]:
isakmp.c:521:isakmp_open_address(): bind(::1[500]): Address already in use<br>
2009-06-28
16:06:27 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address():
bind(2001:db8:0:2:221:63ff:fe30:5e7b[500]): Address already in use<br>
2009-06-28
16:06:27 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address():
bind(fe80::221:63ff:fe30:5e7b%ath0[500]): Address already in use<br>
2009-06-28 16:06:27 [INFO]: main.c:417:main(): starting iked for racoon2 20071227d<br>
2009-06-28 16:06:27 [DEBUG]: netlink.c:87:rtsock_process(): reading netlink socket<br>
2009-06-28 16:06:27 [DEBUG]: netlink.c:89:rtsock_process(): len 64<br>
2009-06-28 16:06:27 [DEBUG]: netlink.c:111:rtsock_process(): type 20<br>
2009-06-28 16:06:27 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(127.0.0.1[500]): Address already in use<br>
2009-06-28 16:06:27 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(::1[500]): Address already in use<br>
2009-06-28 16:06:27 [INTERNAL_ERR]:
isakmp.c:521:isakmp_open_address(): bind(2001:db8:0:2:221:63ff:fe30:5e7b[500]): Address already in use<br>
2009-06-28
16:06:27 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address():
bind(fe80::221:63ff:fe30:5e7b%ath0[500]): Address already in use<br>
2009-06-28 16:06:28 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(127.0.0.1[500]): Address already in use<br>
2009-06-28 16:06:28 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(::1[500]): Address already in use<br>
2009-06-28
16:06:28 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address():
bind(2001:db8:0:2:221:63ff:fe30:5e7b[500]): Address already in use<br>
2009-06-28
16:06:28 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address():
bind(fe80::221:63ff:fe30:5e7b%ath0[500]): Address already in use<br>
2009-06-28 16:06:28 [DEBUG]: netlink.c:87:rtsock_process(): reading netlink socket<br>
2009-06-28 16:06:28 [DEBUG]: netlink.c:89:rtsock_process(): len 64<br>
2009-06-28 16:06:28 [DEBUG]:
netlink.c:111:rtsock_process(): type 20<br>
2009-06-28 16:06:28 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(127.0.0.1[500]): Address already in use<br>
2009-06-28 16:06:28 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(::1[500]): Address already in use<br>
2009-06-28
16:06:28 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address():
bind(2001:db8:0:2:221:63ff:fe30:5e7b[500]): Address already in use<br>
2009-06-28
16:06:28 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address():
bind(fe80::221:63ff:fe30:5e7b%ath0[500]): Address already in use<br>
2009-06-28 16:06:29 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(127.0.0.1[500]): Address already in use<br>
2009-06-28 16:06:29 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(::1[500]): Address already in use<br>
2009-06-28
16:06:29 [INTERNAL_ERR]: isakmp.c:521:isakmp_open_address():
bind(2001:db8:0:2:221:63ff:fe30:5e7b[500]): Address already in use<br>
2009-06-28 16:06:29
[INTERNAL_ERR]: isakmp.c:521:isakmp_open_address(): bind(fe80::221:63ff:fe30:5e7b%ath0[500]): Address already in use<br>
2009-06-28 16:06:30 [DEBUG]: netlink.c:87:rtsock_process(): reading netlink socket<br>
2009-06-28 16:06:30 [DEBUG]: netlink.c:89:rtsock_process(): len 64<br>
2009-06-28 16:06:30 [DEBUG]: netlink.c:111:rtsock_process(): type 20</div><!-- ORIGINAL --><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;"><br><div style="font-family: arial,helvetica,sans-serif; font-size: 13px;"><font face="Tahoma" size="2"><hr size="1"><b><span style="font-weight: bold;">Dari:</span></b> "support-request@ml.nautilus6.org" <support-request@ml.nautilus6.org><br><b><span style="font-weight: bold;">Kepada:</span></b> support@ml.nautilus6.org<br><b><span style="font-weight: bold;">Terkirim:</span></b> Sabtu, 27 Juni, 2009 10:00:01<br><b><span style="font-weight: bold;">Judul:</span></b> Support Digest, Vol 44, Issue 15<br></font><br>Send Support mailing list submissions to<br> <a ymailto="mailto:support@ml.nautilus6.org" href="mailto:support@ml.nautilus6.org">support@ml.nautilus6.org</a><br><br>To subscribe or unsubscribe via the World Wide Web, visit<br> <a
href="http://ml.nautilus6.org/mailman/listinfo/support" target="_blank">http://ml.nautilus6.org/mailman/listinfo/support</a><br>or, via email, send a message with subject or body 'help' to<br> <a ymailto="mailto:support-request@ml.nautilus6.org" href="mailto:support-request@ml.nautilus6.org">support-request@ml.nautilus6.org</a><br><br>You can reach the person managing the list at<br> <a ymailto="mailto:support-owner@ml.nautilus6.org" href="mailto:support-owner@ml.nautilus6.org">support-owner@ml.nautilus6.org</a><br><br>When replying, please edit your Subject line so it is more specific<br>than "Re: Contents of Support digest..."<br><br><br>Today's Topics:<br><br> 1. Re: can't move to foreign network (dynamic keyring with<br> racoon2) (Sebastien Decugis)<br><br><br>----------------------------------------------------------------------<br><br>Message: 1<br>Date: Sat, 27 Jun 2009 11:38:56
+0900<br>From: Sebastien Decugis <<a ymailto="mailto:sdecugis@hongo.wide.ad.jp" href="mailto:sdecugis@hongo.wide.ad.jp">sdecugis@hongo.wide.ad.jp</a>><br>Subject: Re: [support] can't move to foreign network (dynamic keyring<br> with racoon2)<br>To: Brama Subhifajar <<a ymailto="mailto:first_shaboo@yahoo.com" href="mailto:first_shaboo@yahoo.com">first_shaboo@yahoo.com</a>><br>Cc: <a ymailto="mailto:support@ml.nautilus6.org" href="mailto:support@ml.nautilus6.org">support@ml.nautilus6.org</a><br>Message-ID: <<a ymailto="mailto:4A458640.30005@hongo.wide.ad.jp" href="mailto:4A458640.30005@hongo.wide.ad.jp">4A458640.30005@hongo.wide.ad.jp</a>><br>Content-Type: text/plain; charset=UTF-8<br><br><br>> I try with sending ping to CN, when daemon mip6d is started (going to<br>> home network) there is "invalid argument" message error then replay<br>> again from CN.<br>> <br>> but when I move to foreign network the
debug mip6d daemon is not run<br>> again and ping message say "invalid argument" then say "operation not<br>> permitted", after that I can't back or move to other network.<br>> <br>> can somebody help me?<br><br><br>It looks like your SA are not created properly. Try debugging IKEv2<br>exchange first...<br><br>Regards,<br>Sebastien.<br><br><br>------------------------------<br><br>_______________________________________________<br>Support mailing list<br><a ymailto="mailto:Support@ml.nautilus6.org" href="mailto:Support@ml.nautilus6.org">Support@ml.nautilus6.org</a><br><a href="http://ml.nautilus6.org/mailman/listinfo/support" target="_blank">http://ml.nautilus6.org/mailman/listinfo/support</a><br><br><br>End of Support Digest, Vol 44, Issue 15<br>***************************************<br></div></div></div><br>
<hr size=1> Coba Yahoo! Mail baru yang LEBIH CEPAT. <a href="http://id.mail.yahoo.com"> Rasakan bedanya sekarang! </a></body></html>