#1
15th February 2008, 10:34
marwooj
Racoon Roadwarrior Configuration

Whenever I try:
racoonctl vc -u user my.ip
I am getting:
send: Bad file descriptor
What could be the problem?
#2
16th February 2008, 17:37
falko

What's in your /etc/racoon/racoon.conf?
__________________
Falko
#3
18th February 2008, 08:50
marwooj

Hi,
There is:

log debug;
path certificate "/etc/racoon";

listen {
    adminsock "/var/racoon/racoon.sock" "root" "operator" 0660;
}

remote XX.XX.XXX.XXX {
    exchange_mode aggressive;
    ca_type x509 "cacert.pem";
    proposal_check strict;
    nat_traversal on;
    verify_cert off;
    ike_frag on;
    mode_cfg on;
    script "/etc/racoon/phase1-up.sh" phase1_up;
    script "/etc/racoon/phase1-down.sh" phase1_down;
    passive off;
    proposal {
        encryption_algorithm aes;
        hash_algorithm md5;
        authentication_method hybrid_rsa_client;
        dh_group 2;
    }
}

sainfo anonymous {
    pfs_group 2;
    lifetime time 1 hour;
    encryption_algorithm aes;
    authentication_algorithm hmac_md5;
    compression_algorithm deflate;
}

Last edited by marwooj; 20th February 2008 at 21:23.
#4
19th February 2008, 13:16
falko

What are the outputs of
Code:
ls -l /var/racoon/racoon.sock
ls -l /etc/racoon/phase1-up.sh
ls -l /etc/racoon/phase1-down.sh
ls -la /etc/racoon
?
#5
20th February 2008, 21:20
marwooj

Hi,
That would be

srw-rw---- 1 root operator 0 2008-02-20 21:14 racoon.sock

-rwxr-xr-x 1 root operator 2101 2006-09-30 23:22 /etc/racoon/phase1-up.sh

-rwxr-xr-x 1 root operator 1926 2006-09-30 23:22 /etc/racoon/phase1-down.sh


drwxr-xr-x 2 root root 4096 2008-02-20 20:16 .
drwxr-xr-x 148 root root 12288 2008-02-20 19:11 ..
-rw-r--r-- 1 root operator 1180 2008-02-20 20:16 cacert.pem
-rwxr-xr-x 1 root operator 1926 2006-09-30 23:22 phase1-down.sh
-rwxr-xr-x 1 root operator 2101 2006-09-30 23:22 phase1-up.sh
-rw------- 1 root root 275 2007-07-19 19:03 psk.txt
-rw-r--r-- 1 root operator 807 2008-02-20 20:17 racoon.conf
-rw-r--r-- 1 root root 1000 2007-07-19 19:03 racoon-tool.conf
#6
21st February 2008, 17:42
falko

Can you try this?
Code:
chmod 666 /var/racoon/racoon.sock
#7
24th February 2008, 14:32
marwooj

Quote:
Originally Posted by falko
Can you try this?
Code:
chmod 666 /var/racoon/racoon.sock

It does not help, even user root is getting this
send: Bad file descriptor
#8
24th February 2008, 14:53
marwooj

more symptoms:
root@desktop:/etc/racoon# racoonctl show-event
send: Bad file descriptor
root@desktop:/etc/racoon# racoonctl reload-config
send: Bad file descriptor
#9
24th February 2008, 15:23
marwooj

I have changed my conf to:
adminsock "/var/run/racoon/racoon.sock" "root" "operator" 0660;

and the connection works fine, so the problem was with directory permissions.

Now I have some routing/netfilter problems - I can ping everything in the local and remote LAN, I have TCP to the local LAN and only to the racoon gateway (it is also the router and firewall of the remote LAN in one box), but nothing else :-(. I will try to resolve it now.
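An added example, not part of any post in this thread: a shell check of the adminsock line discussed above, covering the directory problem marwooj found and the chmod 666 workaround that was tried along the way. The function names are made up for this example; it assumes a POSIX shell and that the quoted values in the adminsock line contain no whitespace.

```shell
#!/bin/sh
# Added example (not from the thread): audit the adminsock line of a racoon.conf.

# Print "path owner group mode" from the first fully specified adminsock line.
# Assumes the quoted values contain no whitespace.
adminsock_fields() {
    q='"\([^"]*\)"'; s='[[:space:]]\{1,\}'
    sed -n "s/^[[:space:]]*adminsock$s$q$s$q$s$q$s\([0-7]\{3,4\}\)[[:space:]]*;.*/\1 \2 \3 \4/p" "$1" | head -n 1
}

# First ten characters of ls -ld output, e.g. "srw-rw----".
perm_string() { ls -ld "$1" | cut -c1-10; }

# Print findings; return 0 when there are none, 1 otherwise.
audit_adminsock() {
    fields=$(adminsock_fields "$1")
    if [ -z "$fields" ]; then
        echo "no adminsock line with explicit owner, group and mode"; return 1
    fi
    set -- $fields
    sock=$1; owner=$2; group=$3; mode=$4; rc=0
    dir=$(dirname "$sock")
    # Anyone who can write to the admin socket can drive racoon via racoonctl.
    case $mode in
        *[1-7]) echo "configured mode $mode opens the socket beyond $owner:$group"; rc=1 ;;
    esac
    if [ ! -d "$dir" ]; then
        echo "directory $dir does not exist, so the socket cannot be created"; rc=1
    else
        case $(perm_string "$dir") in
            ????????w?) echo "directory $dir is world-writable"; rc=1 ;;
        esac
    fi
    if [ -S "$sock" ]; then
        case $(perm_string "$sock") in
            ????????w?) echo "live socket $sock is world-writable (config says $mode)"; rc=1 ;;
        esac
    elif [ -e "$sock" ]; then
        echo "$sock exists but is not a socket"; rc=1
    else
        echo "note: no socket at $sock (racoon not running, or bind failed)"
    fi
    return $rc
}

# Run against a config when a path is given: sh audit.sh /etc/racoon/racoon.conf
[ $# -eq 0 ] || audit_adminsock "$1"
```

A socket left at mode 666 after troubleshooting shows up as the "live socket ... is world-writable" finding even when the config still says 0660.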
#10
4th May 2009, 12:21
pixel.hu
certificate problem

Hi!

I get the following error and I can't google up anything that
works...

***
[root@mail1 Templates]# openssl req -new -x509 -extensions v3_ca -keyout privateKey/cakey.pem -out cacert.pem -days 3650 -config ./openssl.cnf
error on line -1 of ./openssl.cnf
31310:error:02001002:system library:fopen:No such file or directory:bss_file.c:122:fopen('./openssl.cnf','rb')
31310:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:125:
31310:error:0E078072:configuration file routines:DEF_LOAD:no such file:conf_def.c:197:
***

I run it as root, so I don't think there are permission problems.

I tried it on Ubuntu 8.04 and Fedora 10, but I get the very same error...

Yours sincerely

Laszlo Balogh