[Openswan Users] Issue with openswan opening a TCP port that conflicts with another service

Muhammad El-Sergani msergani at gmail.com
Tue Jul 31 08:01:49 EDT 2012


Thanks Daniel,

Basically what I was wondering but well worded, thanks.

Sent from my Galaxy Tab
On Jul 31, 2012 1:59 PM, "Daniel Cave" <dan.cave at me.com> wrote:

> Hi Igor, Muhammad,
>
> The output from Igor's netstat shows that Pluto is listening on port 3082,
> and at the same time receiving SYN packets from localhost on ports 44259
> upwards (quite why, I'm not sure). This explains the additional processes
> spawned from the main pluto process.
>
> *My* own Openswan ipsec config on my Centos5.x box shows Pluto listening
> on port 4500 (which is default) along with port 500 for IKE/phase 1 auth
>
> [root at fcs01 ~]# netstat -npa|grep plu
> udp        0      0 127.0.0.1:4500              0.0.0.0:*                   3806/pluto
> udp        0      0 10.23.50.68:4500            0.0.0.0:*                   3806/pluto
> udp        0      0 10.49.73.1:4500             0.0.0.0:*                   3806/pluto
> udp        0      0 127.0.0.1:500               0.0.0.0:*                   3806/pluto
> udp        0      0 10.23.50.68:500             0.0.0.0:*                   3806/pluto
> udp        0      0 10.49.73.1:500              0.0.0.0:*                   3806/pluto
> udp        0      0 ::1:500                     :::*                        3806/pluto
>
> Igor, I would hazard a guess that someone has edited your config
> (/etc/ipsec.d/ipsec.conf).
>
> Are you doing port forwarding at your boundary router for IPsec connections
> and doing NAT by forwarding packets to your ipsec device/linux host - which is
> listening on ?
>
>
> On Jul 31, 2012 12:54 AM, "Igor Lasic" <ilasic at yahoo.com> wrote:
>
>> Hello Muhammad, thanks for responding.
>>
>> I am seeing TCP port 3082 opened as in below. We have also tried with
>> port 3081 and got the same result where pluto took it.
>>
>
> This part is most interesting... you have a _lot_ of connections coming
> from localhost to localhost:3082 - since there are sys_received, close_wait
> and fin_wait packets, it implies that either Apache/httpd is configured to
> talk to Ipsecd or one of your configs is messed up badly.
>
> Time to get tcpdump and wireshark out and capture your traffic - first I
> would check network configs and stop ipsec and see what your apps are doing.
>
>
>> Unfortunately we cannot guarantee the order in which services will start
>> and cannot use other means such as SE security.
>>
>> netstat -nap | grep 3082
>> tcp        0      0 0.0.0.0:3082                0.0.0.0:*                   LISTEN      7450/sh
>> tcp        0      0 127.0.0.1:3082              127.0.0.1:44259             SYN_RECV    -
>> tcp        0      0 127.0.0.1:3082              127.0.0.1:44261             SYN_RECV    -
>> tcp        0      0 127.0.0.1:3082              127.0.0.1:45281             SYN_RECV    -
>> tcp      349      0 127.0.0.1:3082              127.0.0.1:49980             CLOSE_WAIT  -
>> tcp      345      0 127.0.0.1:3082              127.0.0.1:34400             CLOSE_WAIT  -
>> tcp      343      0 127.0.0.1:3082              127.0.0.1:49530             CLOSE_WAIT  -
>> tcp        0    345 127.0.0.1:44259             127.0.0.1:3082              FIN_WAIT1   -
>> tcp        0    329 127.0.0.1:44261             127.0.0.1:3082              FIN_WAIT1   -
>> tcp        0    329 127.0.0.1:45281             127.0.0.1:3082              ESTABLISHED 25856/httpd
>>
>> [root at lang-armagent-2a ~]# ps -ef | grep 7450
>> root      7450     1  0 Jul23 ?        00:00:00 /bin/sh
>> /usr/lib64/ipsec/_plutorun --debug  --uniqueids yes --force_busy no
>> --nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive
>> --protostack netkey --force_keepalive no --disable_port_floating no
>> --virtual_private %v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12--listen  --crlcheckinterval 0 --ocspuri  --nhelpers  --secctx_attr_value
>> --dump  --opts  --stderrlog  --wait no --pre  --post  --log daemon.error
>> --plutorestartoncrash true --pid /var/run/pluto/pluto.pid
>> root      7452  7450  0 Jul23 ?        00:00:00 /bin/sh
>> /usr/lib64/ipsec/_plutorun --debug  --uniqueids yes --force_busy no
>> --nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive
>> --protostack netkey --force_keepalive no --disable_port_floating no
>> --virtual_private %v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12--listen  --crlcheckinterval 0 --ocspuri  --nhelpers  --secctx_attr_value
>> --dump  --opts  --stderrlog  --wait no --pre  --post  --log daemon.error
>> --plutorestartoncrash true --pid /var/run/pluto/pluto.pid
>> root      7455  7450  0 Jul23 ?        00:00:00 /bin/sh
>> /usr/lib64/ipsec/_plutoload --wait no --post
>> root     28674  3185  0 22:39 pts/0    00:00:00 grep 7450
>>
>> On 7/30/2012 6:29 PM, Muhammad El-Sergani wrote:
>>
>> Hello Igor, what's that port number?
>> This shouldn't happen I believe.
>>
>> Sent from my Galaxy Tab
>> On Jul 31, 2012 12:28 AM, "Igor Lasic" <ilasic at yahoo.com> wrote:
>>
>>> Hello everyone,
>>>
>>> I have a problem where openswan ipsec opens out a TCP port when it
>>> starts that conflicts with our web service.
>>>
>>> It appears the TCP port is not fixed as we've attempted to use a
>>> different port and ipsec service still showed up as listening on that port.
>>>
>>> Anyone know what is the port used for and can the port be configured or
>>> can the "feature" be disabled?
>>>
>>> Thanks,
>>>
>>> Igor
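A small triage script, added here as an example (it is not code from Openswan or from anyone in the thread), that parses `netstat -nap` output of the kind Igor posted and reports who owns the listening socket, how the connections toward that port are spread across TCP states, how many bytes sit unread on them, and whether the listener is a shell interpreter, which usually means the socket was inherited from whatever launched the script rather than opened by the script itself. The embedded listing is constructed from Igor's `grep 3082` output with the mail-wrapped lines rejoined; the function names are my own.

```python
"""Triage helper for an unexpected TCP listener (added example, not from the
Openswan project or the list thread).

Parses `netstat -nap` style lines, reports which PID/program owns the LISTEN
socket on a port, counts connection states toward that port, and flags the
case seen in the thread: the listener is a shell, so the socket was most
likely inherited from the parent process that started the script.
"""
from collections import Counter

# Constructed sample: Igor's `netstat -nap | grep 3082` listing from the
# thread, with each record rejoined onto one line after mail wrapping.
SAMPLE_NETSTAT = """\
tcp        0      0 0.0.0.0:3082                0.0.0.0:*                   LISTEN      7450/sh
tcp        0      0 127.0.0.1:3082              127.0.0.1:44259             SYN_RECV    -
tcp        0      0 127.0.0.1:3082              127.0.0.1:44261             SYN_RECV    -
tcp        0      0 127.0.0.1:3082              127.0.0.1:45281             SYN_RECV    -
tcp      349      0 127.0.0.1:3082              127.0.0.1:49980             CLOSE_WAIT  -
tcp      345      0 127.0.0.1:3082              127.0.0.1:34400             CLOSE_WAIT  -
tcp      343      0 127.0.0.1:3082              127.0.0.1:49530             CLOSE_WAIT  -
tcp        0    345 127.0.0.1:44259             127.0.0.1:3082              FIN_WAIT1   -
tcp        0    329 127.0.0.1:44261             127.0.0.1:3082              FIN_WAIT1   -
tcp        0    329 127.0.0.1:45281             127.0.0.1:3082              ESTABLISHED 25856/httpd
"""

# Program names that should never own a LISTEN socket of their own.
SHELL_NAMES = {"sh", "bash", "dash", "ksh", "zsh"}


def port_of(endpoint):
    """Port of an 'addr:port' endpoint (IPv4 or IPv6 form); None for '*'."""
    port = endpoint.rsplit(":", 1)[-1]
    return int(port) if port.isdigit() else None


def parse_netstat(text):
    """Parse `netstat -nap` output into row dicts; headers and non-TCP rows are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue
        proto, recvq, sendq, local, remote, state = fields[:6]
        owner = fields[6] if len(fields) > 6 else "-"   # "PID/Program" or "-"
        pid, prog = None, None
        if "/" in owner:
            pid_str, prog = owner.split("/", 1)
            pid = int(pid_str)
        rows.append({"proto": proto, "recvq": int(recvq), "sendq": int(sendq),
                     "local_port": port_of(local), "remote_port": port_of(remote),
                     "state": state, "pid": pid, "prog": prog})
    return rows


def summarize_port(rows, port):
    """Who listens on `port`, and what do the connections toward it look like?"""
    listener = next(((r["pid"], r["prog"]) for r in rows
                     if r["state"] == "LISTEN" and r["local_port"] == port), None)
    states, peers, unread = Counter(), set(), 0
    for r in rows:
        if r["state"] == "LISTEN":
            continue
        if r["local_port"] == port:          # server-side half of a connection
            states[r["state"]] += 1
            unread += r["recvq"]             # bytes the owner never read
        elif r["remote_port"] == port:       # client-side half
            states[r["state"]] += 1
            if r["prog"]:
                peers.add(r["prog"])
    return {"listener": listener, "states": dict(states),
            "peers": sorted(peers), "unread_bytes": unread}


def findings(summary):
    """Human-readable triage notes derived from a summary."""
    notes = []
    listener = summary["listener"]
    if listener and listener[1] in SHELL_NAMES:
        pid = listener[0]
        notes.append(f"LISTEN socket owned by a shell (pid {pid}): most likely an fd "
                     f"inherited from the parent; inspect /proc/{pid}/fd and the "
                     "parent chain (ps -o ppid=) to find who opened it.")
    if summary["states"].get("SYN_RECV"):
        notes.append("half-open handshakes toward the port are piling up in SYN_RECV")
    if summary["unread_bytes"]:
        notes.append(f"{summary['unread_bytes']} bytes unread in Recv-Q on sockets "
                     "the owner never serviced or closed")
    if summary["peers"]:
        notes.append("client programs seen: " + ", ".join(summary["peers"]))
    return notes


if __name__ == "__main__":
    summary = summarize_port(parse_netstat(SAMPLE_NETSTAT), 3082)
    print(summary)
    for note in findings(summary):
        print("-", note)
```

Run it against a live box with `netstat -nap | python3 triage.py`-style piping by replacing `SAMPLE_NETSTAT` with `sys.stdin.read()`; on the thread's sample it names pid 7450 (`sh`) as the owner, counts 3 SYN_RECV, 3 CLOSE_WAIT, 2 FIN_WAIT1 and 1 ESTABLISHED, and identifies `httpd` as the only client program on the other end.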