Hi, I'm trying to get IPsec working with X.509 certificates, however I
just can't seem to. I've hit a road block and was wondering if someone
could help me figure it out. My racoon.conf (I have it mirrored on the
connecting machine):
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/certs";

remote anonymous
{
    exchange_mode aggressive,main;
    my_identifier asn1dn;
    peers_identifier asn1dn;
    lifetime time 2 min;    # sec,min,hour
    initial_contact on;
    proposal_check obey;    # obey, strict or claim
    certificate_type x509 "slave1.public" "slave1.private";
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method rsasig;
        dh_group 2;
    }
}

sainfo anonymous
{
    pfs_group 1;
    lifetime time 2 min;
    encryption_algorithm 3des;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}

remote 192.168.0.29
{
    exchange_mode aggressive,main;
    my_identifier asn1dn;
    peers_identifier asn1dn;
    certificate_type x509 "slave1.public" "slave1.private";
    # racoon warns that the form without the "x509" cert type is deprecated,
    # so the directive is written in the form the log asks for
    peers_certfile x509 "slave2.public";
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method rsasig;
        dh_group 2;
    }
}
My racoon.log says this:
2007-02-01 15:12:54: INFO: @(#)ipsec-tools 0.6.3 (http://ipsec-tools.sourceforge.net)
2007-02-01 15:12:54: INFO: @(#)This product linked OpenSSL 0.9.8d 28 Sep 2006 (http://www.openssl.org/)
2007-02-01 15:12:54: ERROR: failed to bind to address 127.0.0.1[500] (Address already in use).
2007-02-01 15:12:54: ERROR: failed to bind to address 207.179.73.150[500] (Address already in use).
2007-02-01 15:12:54: ERROR: failed to bind to address 192.168.1.2[500] (Address already in use).
2007-02-01 15:12:54: ERROR: failed to bind to address 192.168.0.1[500] (Address already in use).
2007-02-01 15:12:54: ERROR: no address could be bound.
2007-02-01 15:34:02: INFO: @(#)ipsec-tools 0.6.3 (http://ipsec-tools.sourceforge.net)
2007-02-01 15:34:02: INFO: @(#)This product linked OpenSSL 0.9.8d 28 Sep 2006 (http://www.openssl.org/)
2007-02-01 15:34:02: WARNING: /etc/racoon/racoon.conf:42: "slave2.public" This directive without certtype will be removed!
2007-02-01 15:34:02: WARNING: /etc/racoon/racoon.conf:42: "slave2.public" Please use 'peers_certfile x509 "slave2.public";' instead
2007-02-01 15:34:02: ERROR: failed to bind to address 127.0.0.1[500] (Address already in use).
2007-02-01 15:34:02: ERROR: failed to bind to address <my public IP>[500] (Address already in use).
2007-02-01 15:34:02: ERROR: failed to bind to address 192.168.1.2[500] (Address already in use).
2007-02-01 15:34:02: ERROR: failed to bind to address 192.168.0.1[500] (Address already in use).
2007-02-01 15:34:02: ERROR: no address could be bound.
How do I get it to be bound? Is it possible to have it not bound?
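Editor's note, with an added example that is not part of the original post. "Address already in use" on port 500 means another process already holds the UDP/500 socket on every address racoon tried (the certificate warnings are separate and are fixed by writing `peers_certfile x509 "slave2.public";`). IKE runs over UDP/500 (and UDP/4500 with NAT-T), and racoon exits with "no address could be bound" when it cannot get that socket, so the daemon cannot run unbound; the usual cause is a racoon instance that is still running from an earlier start, or another IKE daemon. The script below is added here to show the check a practitioner would run: it pulls the distinct addresses and ports from the bind errors in a racoon log (the sample log is constructed from the lines quoted in the post) and then asks `ss`, or `netstat` as a fallback, which process owns each port. The function names and the `SAMPLE_LOG` variable are this example's own, not racoon's.

```shell
#!/bin/sh
# Added example, not code from the original post: find what racoon could not
# bind and which process already owns that UDP port.

# Constructed sample log, condensed from the bind failures quoted above.
SAMPLE_LOG='2007-02-01 15:34:02: ERROR: failed to bind to address 127.0.0.1[500] (Address already in use).
2007-02-01 15:34:02: ERROR: failed to bind to address 192.168.1.2[500] (Address already in use).
2007-02-01 15:34:02: ERROR: failed to bind to address 192.168.0.1[500] (Address already in use).
2007-02-01 15:34:02: ERROR: no address could be bound.'

# Print one "address port" pair per distinct "failed to bind" line.
failed_binds() {
    printf '%s\n' "$1" \
      | sed -n 's/.*failed to bind to address \([^[]*\)\[\([0-9]*\)\].*/\1 \2/p' \
      | LC_ALL=C sort -u
}

# Distinct UDP ports racoon tried (500 here; 4500 as well when NAT-T is enabled).
failed_ports() {
    failed_binds "$1" | awk '{print $2}' | LC_ALL=C sort -un
}

# Show the listener that already owns a UDP port. Prefers ss (iproute2);
# falls back to netstat. Needs root to see the owning process name.
who_owns_udp_port() {
    port="$1"
    if command -v ss >/dev/null 2>&1; then
        ss -Hulpn "sport = :$port"
    elif command -v netstat >/dev/null 2>&1; then
        netstat -ulpn 2>/dev/null | awk -v p=":$port" '$4 ~ p"$"'
    else
        echo "neither ss nor netstat available" >&2
        return 1
    fi
}

main() {
    echo "addresses racoon could not bind:"
    failed_binds "$SAMPLE_LOG"
    for p in $(failed_ports "$SAMPLE_LOG"); do
        echo "current owner of UDP/$p:"
        who_owns_udp_port "$p" || true
    done
}

main "$@"
```

Run it as root on the host where racoon fails; if the owner is a stale racoon process, stop it (or its init script) before starting the new one, and if it is a different IKE daemon only one of them can own UDP/500.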