Hi Daniel, Here are the logs that I have taken on both the hosts systems.
strings /usr/lib/ipsec/charon | grep "waiting for data on raw socket" host1 - it printed the string host2 - no output. *Host-2* netstat --raw -a -p Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name netstat --ip -a -p -n udp 0 0 0.0.0.0:32768 0.0.0.0:* 2379/avahi-daemon: udp 0 0 0.0.0.0:4500 0.0.0.0:* 19475/charon udp 0 0 0.0.0.0:853 0.0.0.0:* 1949/rpc.statd udp 0 0 0.0.0.0:856 0.0.0.0:* 1949/rpc.statd udp 0 0 0.0.0.0:5353 0.0.0.0:* 2379/avahi-daemon: udp 0 0 127.0.0.1:500 0.0.0.0:* 19470/pluto udp 0 0 10.10.10.5:500 0.0.0.0:* 19470/pluto udp 0 0 10.120.165.230:500 0.0.0.0:* 19470/pluto udp 0 0 0.0.0.0:500 0.0.0.0:* 19475/charon udp 0 0 0.0.0.0:631 0.0.0.0:* 2153/cupsd *Host - 1* FBM# netstat -wa Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State raw 0 0 *:17 *:* 0 netstat -laeuw Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State udp 0 0 *:echo *:* udp 0 0 *:780 *:* udp 0 0 *:4500 *:* udp 0 0 192.168.255.116:9012 *:* udp 0 0 127.0.0.1:1232 *:* udp 0 0 127.0.0.1:1233 *:* udp 0 0 192.168.254.255:1234 *:* udp 0 0 192.168.254.6:1234 *:* udp 0 0 127.0.0.1:isakmp *:* udp 0 0 192.168.254.6:isakmp *:* udp 0 0 192.168.255.116:isakmp *:* udp 0 0 192.168.255.101:isakmp *:* udp 0 0 10.10.10.2:isakmp *:* udp 0 0 *:isakmp *:* udp 0 0 192.168.254.6:1274 *:* udp 0 0 192.168.255.101:ntp *:* udp 0 0 192.168.255.116:ntp *:* udp 0 0 192.168.254.6:ntp *:* udp 0 0 127.0.0.1:ntp *:* udp 0 0 *:ntp *:* raw 0 0 *:17 *:* 0 The commands that you gave doesnot work in host-1. It seems the netstat busy-box utility doesnt support it. As I told you yesterday that host-2 has ipv6 support whereas host-1 has only ipv4. Looking through the logs, I found that in case of host-2, charon is "waiting for data on socket" whereas in host-1, charon is "waiting for data on raw socket". Host-1 behaviour is correct since pluto and charon are both running. So in order to eliminate this ipv4/ipv6 difference, I connected two ipv4 hosts. And amazing, even with pluto running in both the hosts, I was able to establish IKE/IPSEC SA. Hence, I guess there is some issue when we have ipv6 support. Waiting for your comments on this! Thanks in advance, Ashish. On Wed, Jan 13, 2010 at 12:55 AM, Daniel Mentz < [email protected]<danielml%[email protected]> > wrote: > ashish mahalka wrote: > >> I might further add here that host1 has only ipv4 support whereas host2 >> has both ipv4 and ipv6 support. I am not sure whether this information does >> matter in the creation of the sockets for charon. >> > > I remember that there was some kind of problem related to ipv4 and ipv6 > support. Have a look at > > https://lists.strongswan.org/pipermail/users/2008-November/002925.html > > and check if this is related to your problem. > > Also please run > > netstat --raw -a -p > > and > > netstat --ip -a -p -n | grep -E ":4?500" > > and post the output. The first command should list charon in the "Program > name" column. > > Thanks > -Daniel > > _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
