[Swan-dev] bind failure in find_raw_ifaces4()

Paul Wouters paul at nohats.ca
Tue Aug 23 23:53:24 EEST 2022


On Tue, 23 Aug 2022, Balaji Thoguluva wrote:

> Is there any configuration option to bind only to specific interfaces/IP address for IKE?

Yes, as I told your Oracle colleague, listen= in ipsec.conf or --listen to the pluto startup arguments.

> Aug 17 18:39:13.712975: FATAL ERROR: bind(0.0.0.0:500) failed in find_raw_ifaces4()Address already in use (errno 98)

If something is already listening to ANY, then you cannot listen to only
1 IP either. You can only bind to an unbound port.

> I noticed there is a bug around this
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1013175#c10

That bug was marked by me as not a bug, and re-opened by the reporter.
It's still not a bug.

> Is this something fixed or any workaround?

Don't try to run libreswan together with another application/IKE daemon
that binds to 0.0.0.0:500.

Note if you change that other application to bind to a single IP (say
a.b.c.d) and use listen= to bind libreswan to another IP (say a.b.c.e)
then both applications will start and do their thing, but they will both
manipulate the kernel IPsec state and not be aware of each other and
will surely fail to work together. For example, libreswan upon startup
wipes all kernel IPsec state in case there was a previous instance of
libreswan running that crashed and left kernel state.

Paul
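The bind rule Paul describes above (a socket bound to the wildcard address 0.0.0.0 on a port blocks any later bind to a single IP on that same port, so listen= cannot rescue pluto when another IKE daemon already owns 0.0.0.0:500) can be reproduced with plain UDP sockets. The following is an added example written for this page, not code from the post or from libreswan: it uses an ephemeral port (port 0) instead of UDP 500 so it runs without root, assumes a Linux loopback where 127.0.0.1 and 127.0.0.2 are both local, and reports the errno of the second bind exactly as pluto's find_raw_ifaces4() would see it.

```python
import errno
import socket

# Exported so callers can compare against the platform value
# (98 on Linux, which is the number in the pluto FATAL ERROR line).
EADDRINUSE = errno.EADDRINUSE
EADDRNOTAVAIL = errno.EADDRNOTAVAIL


def try_second_bind(first_addr: str, second_addr: str, same_port: bool = True) -> int:
    """Bind one UDP socket to first_addr on a kernel-chosen port, then try to
    bind a second UDP socket to second_addr on that same port (or on a fresh
    port when same_port is False). Returns 0 if the second bind succeeds,
    otherwise the errno it failed with. Neither socket sets SO_REUSEADDR,
    matching a daemon that simply bind()s its listen address."""
    first = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    second = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        first.bind((first_addr, 0))              # kernel picks a free port
        port = first.getsockname()[1] if same_port else 0
        try:
            second.bind((second_addr, port))
        except OSError as exc:
            return exc.errno
        return 0
    finally:
        first.close()
        second.close()


def scenarios() -> dict:
    """Map the situations from the thread onto concrete bind attempts.
    Hypothetical labels; 'other daemon' is whatever already holds the port."""
    return {
        # Other daemon on 0.0.0.0:500, pluto started with listen=<one IP>:
        # fails with EADDRINUSE, which is the reported error.
        "other=ANY, pluto listen=127.0.0.1": try_second_bind("0.0.0.0", "127.0.0.1"),
        # Reverse order: pluto on one IP first, other daemon on ANY afterwards.
        "pluto=127.0.0.1, other=ANY": try_second_bind("127.0.0.1", "0.0.0.0"),
        # Both daemons on distinct single IPs: both binds succeed, which is
        # the 'both start, both fight over kernel IPsec state' situation.
        # EADDRNOTAVAIL here only means 127.0.0.2 is not local on this host.
        "other=127.0.0.1, pluto listen=127.0.0.2": try_second_bind("127.0.0.1", "127.0.0.2"),
        # Different port: no conflict at all ('only bind to an unbound port').
        "other=ANY, pluto on another port": try_second_bind("0.0.0.0", "127.0.0.1", same_port=False),
    }


if __name__ == "__main__":
    for label, rc in scenarios().items():
        outcome = "bound" if rc == 0 else f"failed: {errno.errorcode.get(rc, rc)} (errno {rc})"
        print(f"{label:45s} -> {outcome}")
```

The first two scenarios fail with errno EADDRINUSE (98 on Linux) regardless of which side binds first, which is why moving pluto to a single address with listen= does not help while the other daemon keeps 0.0.0.0:500. The third scenario is the one the post warns about: the binds succeed, but two daemons then drive the same kernel IPsec state.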

