[Openswan Users] Issue with openswan opening a TCP port that conflicts with another service

Muhammad El-Sergani msergani at gmail.com
Mon Jul 30 19:08:03 EDT 2012 

Would be helpful as well if you could post your ipsec.conf file, as well as
any includes.

Sent from my Galaxy Tab
On Jul 31, 2012 1:06 AM, "Muhammad El-Sergani" <msergani at gmail.com> wrote:

> Hello Igor,
>
> I need to check my setup, this looks weird.
> Are you running IPSec from CLI or through command service?
>
> Also (and I'm. Of sure of that's normal or not, never checked) why are you
> having two identical processes for Pluto running? Both with different PIDs.
>
> Sent from my Galaxy Tab
> On Jul 31, 2012 12:54 AM, "Igor Lasic" <ilasic at yahoo.com> wrote:
>
>>  Hello Muhammad, thanks for responding.
>>
>> I am seeing TCP port 3082 opened as in below. We have also tried with
>> port 3081 and got the same result where pluto took it.
>>
>> Unfortunately we cannot guarantee the order in which services will start
>> and cannot use other means such as SE security.
>>
>> netstat -nap | grep 3082
>> *tcp        0      0 0.0.0.0:3082                0.0.0.0:*
>> LISTEN      7450/sh*
>> tcp        0      0 127.0.0.1:3082              127.0.0.1:44259
>> SYN_RECV    -
>> tcp        0      0 127.0.0.1:3082              127.0.0.1:44261
>> SYN_RECV    -
>> tcp        0      0 127.0.0.1:3082              127.0.0.1:45281
>> SYN_RECV    -
>> tcp      349      0 127.0.0.1:3082              127.0.0.1:49980
>> CLOSE_WAIT  -
>> tcp      345      0 127.0.0.1:3082              127.0.0.1:34400
>> CLOSE_WAIT  -
>> tcp      343      0 127.0.0.1:3082              127.0.0.1:49530
>> CLOSE_WAIT  -
>> tcp        0    345 127.0.0.1:44259             127.0.0.1:3082
>> FIN_WAIT1   -
>> tcp        0    329 127.0.0.1:44261             127.0.0.1:3082
>> FIN_WAIT1   -
>> tcp        0    329 127.0.0.1:45281             127.0.0.1:3082
>> ESTABLISHED 25856/httpd
>>
>> root at lang-armagent-2a ~]# ps -ef | grep 7450
>> root      *7450     *1  0 Jul23 ?        00:00:00* /bin/sh
>> /usr/lib64/ipsec/_plutorun *--debug  --uniqueids yes --force_busy no
>> --nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive
>> --protostack netkey --force_keepalive no --disable_port_floating no
>> --virtual_private %v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12--listen  --crlcheckinterval 0 --ocspuri  --nhelpers  --secctx_attr_value
>> --dump  --opts  --stderrlog  --wait no --pre  --post  --log daemon.error
>> --plutorestartoncrash true --pid /var/run/pluto/pluto.pid
>> root      7452  7450  0 Jul23 ?        00:00:00 /bin/sh
>> /usr/lib64/ipsec/_plutorun --debug  --uniqueids yes --force_busy no
>> --nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive
>> --protostack netkey --force_keepalive no --disable_port_floating no
>> --virtual_private %v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12--listen  --crlcheckinterval 0 --ocspuri  --nhelpers  --secctx_attr_value
>> --dump  --opts  --stderrlog  --wait no --pre  --post  --log daemon.error
>> --plutorestartoncrash true --pid /var/run/pluto/pluto.pid
>> root      7455  7450  0 Jul23 ?        00:00:00 /bin/sh
>> /usr/lib64/ipsec/_plutoload --wait no --post
>> root     28674  3185  0 22:39 pts/0    00:00:00 grep 7450
>>
>> On 7/30/2012 6:29 PM, Muhammad El-Sergani wrote:
>>
>> Hello Igor, what's that port number?
>> This shouldn't happen I believe.
>>
>> Sent from my Galaxy Tab
>> On Jul 31, 2012 12:28 AM, "Igor Lasic" <ilasic at yahoo.com> wrote:
>>
>>>  Hello everyone,
>>>
>>> I have a problem where openswan ipsec opens out a TCP port when it
>>> starts that conflicts with our web service;.
>>>
>>> It appears the TCP port is not fixed as we've attempted to use a
>>> different port and ipsec service still showed up as listening on that port.
>>>
>>> Anyone know what is the port used for and can the port be configured or
>>> can the "feature" be disabled?
>>>
>>> Thanks,
>>>
>>> Igor
>>>
>>>
>>>
>>> _______________________________________________
>>> Users at lists.openswan.org
>>> https://lists.openswan.org/mailman/listinfo/users
>>> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
>>> Building and Integrating Virtual Private Networks with Openswan:
>>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>>
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20120731/8aa73dd7/attachment-0001.html>

More information about the Users mailing list