 
 From:  Manuel Kasper <mk at neon1 dot net>
 To:  "Frans King" <kingf at f333 dot net>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] pb26 racoon error - failed to bind (Address already in use)
 Date:  Sat, 24 Jan 2004 23:41:00 +0100
On 24.01.2004, at 23:24, Frans King wrote:

> I just upgraded to the very latest release and after rebooting noticed some
> racoon errors in the log file:
>
> racoon: ERROR: isakmp.c:1350:isakmp_open(): failed to bind (Address already in use).
>
> Followed by:
>
> racoon: ERROR: isakmp.c:1373:isakmp_open(): no address could be bound.
>
> I'm using DHCP on the WAN interface and after getting another lease the logs
> report:
>
> dhclient: bound to xxxx -- renewal in 25 seconds.
>
> Jan 24 22:14:09 racoon: INFO: isakmp.c:1358:isakmp_open(): 127.0.0.1[500] used as isakmp port (fd=6)
> Jan 24 22:14:09 racoon: INFO: isakmp.c:1358:isakmp_open(): 10.0.1.1[500] used as isakmp port (fd=7)
> Jan 24 22:14:09 racoon: INFO: isakmp.c:1358:isakmp_open(): xxxx[500] used as isakmp port (fd=9)
> Jan 24 22:14:09 racoon: INFO: isakmp.c:1358:isakmp_open(): 10.0.0.1[500] used as isakmp port (fd=10)
>
> Should I assume that everything is therefore okay?

Since it is now possible to have tunnels that terminate on other 
interfaces than WAN, I have changed the policy of delaying IPsec setup 
until the WAN interface is up when it has a dynamic IP address 
(DHCP/PPPoE/PPTP). Turns out that this can cause a race condition if 
the WAN connection comes up while the boot scripts are still running. 
I'm investigating and searching for a good solution.

- Manuel