[Openswan Users] Issue with openswan opening a TCP port that conflicts with another service
Muhammad El-Sergani
msergani at gmail.com
Mon Jul 30 19:08:03 EDT 2012
Would be helpful as well if you could post your ipsec.conf file, as well as
any includes.
Sent from my Galaxy Tab
On Jul 31, 2012 1:06 AM, "Muhammad El-Sergani" <msergani at gmail.com> wrote:
> Hello Igor,
>
> I need to check my setup, this looks weird.
> Are you running IPSec from CLI or through command service?
>
> Also (and I'm not sure if that's normal or not, never checked) why are you
> having two identical processes for Pluto running? Both with different PIDs.
>
> Sent from my Galaxy Tab
> On Jul 31, 2012 12:54 AM, "Igor Lasic" <ilasic at yahoo.com> wrote:
>
>> Hello Muhammad, thanks for responding.
>>
>> I am seeing TCP port 3082 opened as in below. We have also tried with
>> port 3081 and got the same result where pluto took it.
>>
>> Unfortunately we cannot guarantee the order in which services will start
>> and cannot use other means such as SE security.
>>
>> netstat -nap | grep 3082
>> *tcp 0 0 0.0.0.0:3082 0.0.0.0:* LISTEN 7450/sh*
>> tcp 0 0 127.0.0.1:3082 127.0.0.1:44259 SYN_RECV -
>> tcp 0 0 127.0.0.1:3082 127.0.0.1:44261 SYN_RECV -
>> tcp 0 0 127.0.0.1:3082 127.0.0.1:45281 SYN_RECV -
>> tcp 349 0 127.0.0.1:3082 127.0.0.1:49980 CLOSE_WAIT -
>> tcp 345 0 127.0.0.1:3082 127.0.0.1:34400 CLOSE_WAIT -
>> tcp 343 0 127.0.0.1:3082 127.0.0.1:49530 CLOSE_WAIT -
>> tcp 0 345 127.0.0.1:44259 127.0.0.1:3082 FIN_WAIT1 -
>> tcp 0 329 127.0.0.1:44261 127.0.0.1:3082 FIN_WAIT1 -
>> tcp 0 329 127.0.0.1:45281 127.0.0.1:3082 ESTABLISHED 25856/httpd
>>
>> root at lang-armagent-2a ~]# ps -ef | grep 7450
>> root *7450 *1 0 Jul23 ? 00:00:00* /bin/sh
>> /usr/lib64/ipsec/_plutorun *--debug --uniqueids yes --force_busy no
>> --nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive
>> --protostack netkey --force_keepalive no --disable_port_floating no
>> --virtual_private %v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12--listen --crlcheckinterval 0 --ocspuri --nhelpers --secctx_attr_value
>> --dump --opts --stderrlog --wait no --pre --post --log daemon.error
>> --plutorestartoncrash true --pid /var/run/pluto/pluto.pid
>> root 7452 7450 0 Jul23 ? 00:00:00 /bin/sh
>> /usr/lib64/ipsec/_plutorun --debug --uniqueids yes --force_busy no
>> --nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive
>> --protostack netkey --force_keepalive no --disable_port_floating no
>> --virtual_private %v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12--listen --crlcheckinterval 0 --ocspuri --nhelpers --secctx_attr_value
>> --dump --opts --stderrlog --wait no --pre --post --log daemon.error
>> --plutorestartoncrash true --pid /var/run/pluto/pluto.pid
>> root 7455 7450 0 Jul23 ? 00:00:00 /bin/sh
>> /usr/lib64/ipsec/_plutoload --wait no --post
>> root 28674 3185 0 22:39 pts/0 00:00:00 grep 7450
>>
>> On 7/30/2012 6:29 PM, Muhammad El-Sergani wrote:
>>
>> Hello Igor, what's that port number?
>> This shouldn't happen I believe.
>>
>> Sent from my Galaxy Tab
>> On Jul 31, 2012 12:28 AM, "Igor Lasic" <ilasic at yahoo.com> wrote:
>>
>>> Hello everyone,
>>>
>>> I have a problem where openswan ipsec opens out a TCP port when it
>>> starts that conflicts with our web service.
>>>
>>> It appears the TCP port is not fixed as we've attempted to use a
>>> different port and ipsec service still showed up as listening on that port.
>>>
>>> Anyone know what is the port used for and can the port be configured or
>>> can the "feature" be disabled?
>>>
>>> Thanks,
>>>
>>> Igor
>>>
>>>
>>>
>>> _______________________________________________
>>> Users at lists.openswan.org
>>> https://lists.openswan.org/mailman/listinfo/users
>>> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
>>> Building and Integrating Virtual Private Networks with Openswan:
>>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>>
>>>
>>