On 24.01.2004, at 23:24, Frans King wrote:
> I just upgraded to the very latest release and after rebooting noticed
> some racoon errors in the log file:
>
> racoon: ERROR: isakmp.c:1350:isakmp_open(): failed to bind (Address already in use).
>
> Followed by:
>
> racoon: ERROR: isakmp.c:1373:isakmp_open(): no address could be bound.
>
> I'm using DHCP on the WAN interface and after getting another lease the
> logs report:
>
> dhclient: bound to xxxx -- renewal in 25 seconds.
>
> Jan 24 22:14:09 racoon: INFO: isakmp.c:1358:isakmp_open(): 127.0.0.1[500] used as isakmp port (fd=6)
> Jan 24 22:14:09 racoon: INFO: isakmp.c:1358:isakmp_open(): 10.0.1.1[500] used as isakmp port (fd=7)
> Jan 24 22:14:09 racoon: INFO: isakmp.c:1358:isakmp_open(): xxxx[500] used as isakmp port (fd=9)
> Jan 24 22:14:09 racoon: INFO: isakmp.c:1358:isakmp_open(): 10.0.0.1[500] used as isakmp port (fd=10)
>
> Should I assume that everything is therefore okay?

Since it is now possible to have tunnels that terminate on other
interfaces than WAN, I have changed the policy of delaying IPsec setup
until the WAN interface is up when it has a dynamic IP address
(DHCP/PPPoE/PPTP). Turns out that this can cause a race condition if
the WAN connection comes up while the boot scripts are still running.
I'm investigating and searching for a good solution.
- Manuel