Bug 404321 - net-firewall/ipsec-tools - racoonctl fails with "send: Bad file descriptor"
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: AMD64 Linux
Importance: Normal normal
Assignee: Anthony Basile
Blocks: 326647
Reported: 2012-02-18 00:46 UTC by MickKi
Modified: 2012-03-06 19:18 UTC

Description MickKi 2012-02-18 00:46:14 UTC
Running racoonctl fails each time with this error:

# racoonctl reload-config
send: Bad file descriptor

# racoonctl show-sa isakmp
send: Bad file descriptor

and so on.

I looked at access rights, but can't figure it out:

# ls -la /var/racoon/
total 8
drwxr-xr-x  2 root root 4096 Feb 18 00:17 .
drwxr-xr-x 15 root root 4096 Feb 15 23:26 ..
srw-rw----  1 root root    0 Feb 18 00:17 racoon.sock

# ls -la /etc/racoon
total 28
drwxr-xr-x  4 root root 4096 Feb 18 00:41 .
drwxr-xr-x 89 root root 4096 Feb 17 23:57 ..
drwxr-xr-x  2 root root 4096 Feb 12 19:57 certs
-r--------  1 root root  341 Feb  9 10:53 psk.txt
-rw-r--r--  1 root root 1412 Feb 15 23:28 racoon.conf
-rw-r--r--  1 root root 1351 Dec  5 08:47 racoon.conf_OLD
drwxr-x---  2 root root 4096 Feb 17 23:54 scripts


Reproducible: Always

Steps to Reproduce:
1. Install with defaults and use sample files in /usr/share/doc/ipsec-tools-0.8.0/samples/roadwarrior/client/
2. Run setkey -f /etc/ipsec.conf
3. Run racoonctl [some_command]
Actual Results:  
racoonctl fails to run, with error:

"send: Bad file descriptor"

Expected Results:  
It shouldn't error really (or offer a more meaningful message?)

PS.  Is racoon2 incorporated in ipsec-tools, or is the latter using the deprecated racoon IKEv1?
Comment 1 Anthony Basile gentoo-dev 2012-03-02 00:00:30 UTC
Can you give me your "emerge --info ipsec-tools"?  I want to reproduce this and then I'll debug it.
Comment 2 MickKi 2012-03-02 06:15:49 UTC
Emerge --info as requested:
====================================================
# emerge --info ipsec-tools
Portage 2.1.10.44 (default/linux/amd64/10.0/desktop, gcc-4.5.3, glibc-2.13-r4, 3.2.1-gentoo-r2 x86_64)
=================================================================
                        System Settings
=================================================================
System uname: Linux-3.2.1-gentoo-r2-x86_64-Intel-R-_Core-TM-_i7_CPU_Q_720_@_1.60GHz-with-gentoo-2.0.3
Timestamp of tree: Wed, 29 Feb 2012 17:45:01 +0000
app-shells/bash:          4.1_p9
dev-lang/python:          2.7.2-r3, 3.1.4-r3, 3.2.2
dev-util/cmake:           2.8.6-r4
dev-util/pkgconfig:       0.26
sys-apps/baselayout:      2.0.3
sys-apps/openrc:          0.9.8.4
sys-apps/sandbox:         2.5
sys-devel/autoconf:       2.13, 2.68
sys-devel/automake:       1.9.6-r3, 1.11.1
sys-devel/binutils:       2.21.1-r1
sys-devel/gcc:            4.5.3-r2
sys-devel/gcc-config:     1.4.1-r1
sys-devel/libtool:        2.4-r1
sys-devel/make:           3.82-r1
sys-kernel/linux-headers: 3.1 (virtual/os-headers)
sys-libs/glibc:           2.13-r4
Repositories: gentoo enlightenment x-portage
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA AdobeFlash-10.3"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=native -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=native -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--quiet-build=n"
FEATURES="assume-digests binpkg-logs distlocks ebuild-locks fail-clean fixlafiles news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox"
FFLAGS=""
GENTOO_MIRRORS="http://10.10.10.5:1024/ http://gentoo.virginmedia.com/ http://gentoo.tiscali.nl/ http://de-mirror.org/distro/gentoo/ http://gentoo.mneisen.org/ http://mirror.mdfnet.se/mirror/gentoo http://gentoo.wheel.sk/ http://gentoo.mirror.pw.edu.pl/"
LANG="en_GB.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="en_GB en"
MAKEOPTS="-j5 -l12.8"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/var/lib/layman/enlightenment /usr/local/portage"
SYNC="rsync://10.10.10.5/gentoo-portage"
USE="X a52 aac acl acpi alsa amd64 amr apng berkdb bluetooth branding bzip2 cairo cdda cddb cdparanoia cdr chroot cli consolekit cracklib crypt css cups cxx dbus dell dri dts dvd dvdr emboss encode exif faac fam firefox flac fortran fts3 gdbm gdu gif gpm hddtemp hpijs iconv imagemagick ipv6 irda jpeg kde lcms ldap libnotify libv4l2 live lm_sensors logrotate mad mmx mmxext mng modules mp3 mp4 mpeg mudflap multilib ncurses network-cron new-hpcups nls nodrm nptl nptlonly nsplugin obex ogg opengl openmp pam pango pcre pdf png policykit ppds pppd qt3support qt4 quicktime rdesktop readline redland rtmp sdl semantic-desktop session shout smime spell sqlite sse sse2 sse4_1 ssl ssse3 startup-notification svg sysfs tcpd tiff truetype udev unicode usb v4l2 vaapi vnc vorbis vpx wps x264 xcb xml xorg xulrunner xv xvid xvmc zip zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan stage tables krita karbon braindump" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 
timing tsip tripmate tnt ubx" INPUT_DEVICES="synaptics evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en_GB en" PHP_TARGETS="php5-3" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="radeon r600" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CPPFLAGS, CTARGET, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

=================================================================
                        Package Settings
=================================================================

net-firewall/ipsec-tools-0.8.0-r1 was built with the following:
USE="hybrid ipv6 ldap (multilib) nat pam readline -idea -kerberos -rc5 (-selinux) -stats"
====================================================

-- 
Regards,
Mick
Comment 3 Anthony Basile gentoo-dev 2012-03-06 17:06:19 UTC
(In reply to comment #0)
> Running racoonctl fails each time with this error:
> 
> # racoonctl reload-config
> send: Bad file descriptor
> 
> # racoonctl show-sa isakmp
> send: Bad file descriptor
> 

Okay I think this is the result of misconfiguration of racoon.  When racoon was not configured properly and I ran racoonctl, I got this error message.  When configured correctly, it worked:

soft32 racoon # racoonctl show-sa isakmp
Destination            Cookies                           Created
192.168.3.25.500       b56cbf425b7c87ab:3f1be9b5792d7f5d 2012-03-06 16:32:16 

It's not a helpful error message, but I don't know where it's coming from.  So rather than address it there, I think I'll approach this a different way.  Since configuring ipsec-tools is a pita, what I'm going to do is install some out of the box configs as guides with BIG WARNINGS saying read the official IPSec howto and change your secrets!  That might help.

We should discuss your particular situation more, but let's move it to the forums with a section on roadwarrior.  Bug reports are not meant as support, so don't misinterpret my closing this bug invalid as not wanting to help.
Comment 4 MickKi 2012-03-06 17:11:48 UTC
Hmmm .... I thought that my setup is OK because I can connect to servers behind the gateway when I ran /etc/init.d/racoon start.  Perhaps something is wrong with my config regardless.  BTW I am not using pre-shared key, but certificates.  Not sure if this makes any difference.

Thanks for looking into it.
-- 
Regards,
Mick
Comment 5 Anthony Basile gentoo-dev 2012-03-06 19:07:15 UTC
(In reply to comment #4)
> Hmmm .... I thought that my setup is OK because I can connect to servers
> behind the gateway when I ran /etc/init.d/racoon start.  Perhaps something
> is wrong with my config regardless.  BTW I am not using pre-shared key, but
> certificates.  Not sure if this makes any difference.
> 
> Thanks for looking into it.
> -- 
> Regards,
> Mick

When I push ipsec-tools-0.8.0-r3 to the tree in a day or so, take a look at my sample configs and compare them to what you have.  Maybe you'll have suggestions for even more elaborate sample configs.  I can see about adding those and we can kill two birds with one stone: enhance the package with samples and solve your problem.
Comment 6 MickKi 2012-03-06 19:18:55 UTC
Thanks, I'll keep an eye out for it.

Meanwhile, I've posted at the forums as suggested: http://forums.gentoo.org/viewtopic-p-6977674.html

-- 
Regards,
Mick