hi I''m trying to get ipsec working with x509 certificates however I
just can''t seem to. I''ve hit a road block and was wondering if
someone
could help me figure it out. my racoon.conf (I have it mirrored on the
connecting machine.
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/certs";
remote anonymous
{
exchange_mode aggressive,main;
my_identifier asn1dn;
peers_identifier asn1dn;
lifetime time 2 min; # sec,min,hour
initial_contact on;
proposal_check obey; # obey, strict or claim
certificate_type x509 "slave1.public" "slave1.private";
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method rsasig;
dh_group 2 ;
}
}
sainfo anonymous
{
pfs_group 1;
lifetime time 2 min;
encryption_algorithm 3des ;
authentication_algorithm hmac_sha1;
compression_algorithm deflate ;
}
remote 192.168.0.29
{
exchange_mode aggressive,main;
my_identifier asn1dn;
peers_identifier asn1dn;
certificate_type x509 "slave1.public" "slave1.private";
peers_certfile "slave2.public";
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method rsasig;
dh_group 2 ;
}
}
my racoon.log says this
2007-02-01 15:12:54: INFO: @(#)ipsec-tools 0.6.3
(http://ipsec-tools.sourceforge.net)
2007-02-01 15:12:54: INFO: @(#)This product linked OpenSSL 0.9.8d 28
Sep 2006 (http://www.openssl.org/)
2007-02-01 15:12:54: ERROR: failed to bind to address 127.0.0.1[500]
(Address already in use).
2007-02-01 15:12:54: ERROR: failed to bind to address
207.179.73.150[500] (Address already in use).
2007-02-01 15:12:54: ERROR: failed to bind to address 192.168.1.2[500]
(Address already in use).
2007-02-01 15:12:54: ERROR: failed to bind to address 192.168.0.1[500]
(Address already in use).
2007-02-01 15:12:54: ERROR: no address could be bound.
2007-02-01 15:34:02: INFO: @(#)ipsec-tools 0.6.3
(http://ipsec-tools.sourceforge.net)
2007-02-01 15:34:02: INFO: @(#)This product linked OpenSSL 0.9.8d 28
Sep 2006 (http://www.openssl.org/)
2007-02-01 15:34:02: WARNING: /etc/racoon/racoon.conf:42:
""slave2.public" This directive without certtype will be removed!
2007-02-01 15:34:02: WARNING: /etc/racoon/racoon.conf:42:
""slave2.public" Please use ''peers_certfile x509
"slave2.public";''
instead
2007-02-01 15:34:02: ERROR: failed to bind to address 127.0.0.1[500]
(Address already in use).
2007-02-01 15:34:02: ERROR: failed to bind to address <my public
IP>[500] (Address already in use).
2007-02-01 15:34:02: ERROR: failed to bind to address 192.168.1.2[500]
(Address already in use).
2007-02-01 15:34:02: ERROR: failed to bind to address 192.168.0.1[500]
(Address already in use).
2007-02-01 15:34:02: ERROR: no address could be bound.
how do I get it to be bound? is it possible to have it not bound?
