[Openswan Users] Issue with openswan opening a TCP port that conflicts with another service
Igor Lasic
ilasic at yahoo.com
Mon Jul 30 18:54:23 EDT 2012
Hello Muhammad, thanks for responding.
I am seeing TCP port 3082 opened, as shown below. We have also tried with
port 3081 and got the same result, where pluto took it.
Unfortunately we cannot guarantee the order in which services will start
and cannot use other means such as SE security.
netstat -nap | grep 3082
tcp 0 0 0.0.0.0:3082 0.0.0.0:* LISTEN 7450/sh
tcp 0 0 127.0.0.1:3082 127.0.0.1:44259 SYN_RECV -
tcp 0 0 127.0.0.1:3082 127.0.0.1:44261 SYN_RECV -
tcp 0 0 127.0.0.1:3082 127.0.0.1:45281 SYN_RECV -
tcp 349 0 127.0.0.1:3082 127.0.0.1:49980 CLOSE_WAIT -
tcp 345 0 127.0.0.1:3082 127.0.0.1:34400 CLOSE_WAIT -
tcp 343 0 127.0.0.1:3082 127.0.0.1:49530 CLOSE_WAIT -
tcp 0 345 127.0.0.1:44259 127.0.0.1:3082 FIN_WAIT1 -
tcp 0 329 127.0.0.1:44261 127.0.0.1:3082 FIN_WAIT1 -
tcp 0 329 127.0.0.1:45281 127.0.0.1:3082 ESTABLISHED 25856/httpd
[root@lang-armagent-2a ~]# ps -ef | grep 7450
root 7450 1 0 Jul23 ? 00:00:00 /bin/sh /usr/lib64/ipsec/_plutorun --debug --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive --protostack netkey --force_keepalive no --disable_port_floating no --virtual_private %v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12 --listen --crlcheckinterval 0 --ocspuri --nhelpers --secctx_attr_value --dump --opts --stderrlog --wait no --pre --post --log daemon.error --plutorestartoncrash true --pid /var/run/pluto/pluto.pid
root 7452 7450 0 Jul23 ? 00:00:00 /bin/sh /usr/lib64/ipsec/_plutorun --debug --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive --protostack netkey --force_keepalive no --disable_port_floating no --virtual_private %v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12 --listen --crlcheckinterval 0 --ocspuri --nhelpers --secctx_attr_value --dump --opts --stderrlog --wait no --pre --post --log daemon.error --plutorestartoncrash true --pid /var/run/pluto/pluto.pid
root 7455 7450 0 Jul23 ? 00:00:00 /bin/sh /usr/lib64/ipsec/_plutoload --wait no --post
root 28674 3185 0 22:39 pts/0 00:00:00 grep 7450
On 7/30/2012 6:29 PM, Muhammad El-Sergani wrote:
>
> Hello Igor, what's that port number?
> This shouldn't happen I believe.
>
> Sent from my Galaxy Tab
>
> On Jul 31, 2012 12:28 AM, "Igor Lasic" <ilasic at yahoo.com
> <mailto:ilasic at yahoo.com>> wrote:
>
> Hello everyone,
>
> I have a problem where openswan ipsec opens out a TCP port when it
> starts that conflicts with our web service.
>
> It appears the TCP port is not fixed as we've attempted to use a
> different port and ipsec service still showed up as listening on
> that port.
>
> Anyone know what is the port used for and can the port be
> configured or can the "feature" be disabled?
>
> Thanks,
>
> Igor