[Openswan Users] Issue with openswan opening a TCP port that conflicts with another service
Muhammad El-Sergani
msergani at gmail.com
Mon Jul 30 19:06:40 EDT 2012
Hello Igor,
I need to check my setup, this looks weird.
Are you running IPSec from CLI or through command service?
Also (and I'm not sure if that's normal or not, never checked) why are you
having two identical processes for Pluto running? Both with different PIDs.
Sent from my Galaxy Tab
On Jul 31, 2012 12:54 AM, "Igor Lasic" <ilasic at yahoo.com> wrote:
> Hello Muhammad, thanks for responding.
>
> I am seeing TCP port 3082 opened as in below. We have also tried with port
> 3081 and got the same result where pluto took it.
>
> Unfortunately we cannot guarantee the order in which services will start
> and cannot use other means such as SE security.
>
> netstat -nap | grep 3082
> *tcp 0 0 0.0.0.0:3082 0.0.0.0:* LISTEN 7450/sh*
> tcp 0 0 127.0.0.1:3082 127.0.0.1:44259 SYN_RECV -
> tcp 0 0 127.0.0.1:3082 127.0.0.1:44261 SYN_RECV -
> tcp 0 0 127.0.0.1:3082 127.0.0.1:45281 SYN_RECV -
> tcp 349 0 127.0.0.1:3082 127.0.0.1:49980 CLOSE_WAIT -
> tcp 345 0 127.0.0.1:3082 127.0.0.1:34400 CLOSE_WAIT -
> tcp 343 0 127.0.0.1:3082 127.0.0.1:49530 CLOSE_WAIT -
> tcp 0 345 127.0.0.1:44259 127.0.0.1:3082 FIN_WAIT1 -
> tcp 0 329 127.0.0.1:44261 127.0.0.1:3082 FIN_WAIT1 -
> tcp 0 329 127.0.0.1:45281 127.0.0.1:3082 ESTABLISHED 25856/httpd
>
> root at lang-armagent-2a ~]# ps -ef | grep 7450
> root *7450 *1 0 Jul23 ? 00:00:00* /bin/sh
> /usr/lib64/ipsec/_plutorun *--debug --uniqueids yes --force_busy no
> --nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive
> --protostack netkey --force_keepalive no --disable_port_floating no
> --virtual_private %v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12--listen --crlcheckinterval 0 --ocspuri --nhelpers --secctx_attr_value
> --dump --opts --stderrlog --wait no --pre --post --log daemon.error
> --plutorestartoncrash true --pid /var/run/pluto/pluto.pid
> root 7452 7450 0 Jul23 ? 00:00:00 /bin/sh
> /usr/lib64/ipsec/_plutorun --debug --uniqueids yes --force_busy no
> --nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive
> --protostack netkey --force_keepalive no --disable_port_floating no
> --virtual_private %v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12--listen --crlcheckinterval 0 --ocspuri --nhelpers --secctx_attr_value
> --dump --opts --stderrlog --wait no --pre --post --log daemon.error
> --plutorestartoncrash true --pid /var/run/pluto/pluto.pid
> root 7455 7450 0 Jul23 ? 00:00:00 /bin/sh
> /usr/lib64/ipsec/_plutoload --wait no --post
> root 28674 3185 0 22:39 pts/0 00:00:00 grep 7450
>
> On 7/30/2012 6:29 PM, Muhammad El-Sergani wrote:
>
> Hello Igor, what's that port number?
> This shouldn't happen I believe.
>
> Sent from my Galaxy Tab
> On Jul 31, 2012 12:28 AM, "Igor Lasic" <ilasic at yahoo.com> wrote:
>
>> Hello everyone,
>>
>> I have a problem where openswan ipsec opens out a TCP port when it starts
>> that conflicts with our web service.
>>
>> It appears the TCP port is not fixed as we've attempted to use a
>> different port and ipsec service still showed up as listening on that port.
>>
>> Does anyone know what the port is used for, and can the port be configured or
>> can the "feature" be disabled?
>>
>> Thanks,
>>
>> Igor
>