Mailing List Archive: socket(SOCK_RAW): Protocol not supported

socket(SOCK_RAW): Protocol not supported

justin at onyourmark

Jun 4, 2004, 6:27 PM

Post #1 of 12 (8025 views)

===[phpdev:root] /usr/local/etc > more vpnc.conf
IPSec gateway 208.23.198.215
IPSec ID ifb_group
IPSec secret [removed]
Xauth username ifb.user
Xauth password [removed]

===[phpdev:root] /usr/local/etc > vpnc --local-port 10000
socket(SOCK_RAW): Protocol not supported

The very first time I ran the command I got an error pertaining to INVALID_MESSAGE_ID, but every subsequent attempt has resulted in the SOCK_RAW error. I can provide a --debug # dump if necessary.

Any help would be greatly appreciated.
Justin Hendrickson
Justin Hendrickson justin@onyourmark.com
----------------------------------------------------------------------------
Web Development Specialist
Klein Internet Marketing Group
a division of Keith Klein & Associates, Inc.

www.kleininternet.com Phone: 262-820-8201
22603 West Main Street or: 800-747-3399
Sussex, WI 53089 Fax: 262-820-8202

socket(SOCK_RAW): Protocol not supported [ In reply to ]

massar at unix-ag

Jun 4, 2004, 6:32 PM

Post #2 of 12 (7795 views)

hi,

> ===[phpdev:root] /usr/local/etc > more vpnc.conf
> IPSec gateway 208.23.198.215
> IPSec ID ifb_group
> IPSec secret [removed]
> Xauth username ifb.user
> Xauth password [removed]
>
> ===[phpdev:root] /usr/local/etc > vpnc --local-port 10000
> socket(SOCK_RAW): Protocol not supported
>
> The very first time I ran the command I got an error pertaining to INVALID_MESSAGE_ID, but every
> subsequent attempt has resulted in the SOCK_RAW error. I can provide a --debug # dump if necessar
> y.

which OS are you using? NetBSD or FreeBSD possibly?
which version?

is there any special reason why you are using "--local-port 10000"??

cu
maurice

socket(SOCK_RAW): Protocol not supported [ In reply to ]

justin at onyourmark

Jun 4, 2004, 6:32 PM

Post #3 of 12 (7756 views)

After composing this message, I ran vpnc --local-port 1000 and got this:
expected xauth packet; rejected: INVALID_EXCHANGE_TYPE

I ran it again and got the SOCK_RAW errors again. Does the Cisco 3000-series have a temp. ban feature I might be hitting?

*********** REPLY SEPARATOR ***********

On 6/4/2004 at 11:27 AM Justin Hendrickson wrote:

>===[phpdev:root] /usr/local/etc > more vpnc.conf
>IPSec gateway 208.23.198.215
>IPSec ID ifb_group
>IPSec secret [removed]
>Xauth username ifb.user
>Xauth password [removed]
>
>===[phpdev:root] /usr/local/etc > vpnc --local-port 10000
>socket(SOCK_RAW): Protocol not supported
>
>The very first time I ran the command I got an error pertaining to
>INVALID_MESSAGE_ID, but every subsequent attempt has resulted in the
>SOCK_RAW error. I can provide a --debug # dump if necessary.
>
>Any help would be greatly appreciated.
>Justin Hendrickson
>Justin Hendrickson justin@onyourmark.com
>----------------------------------------------------------------------------
>Web Development Specialist
>Klein Internet Marketing Group
>a division of Keith Klein & Associates, Inc.
>
>www.kleininternet.com Phone: 262-820-8201
>22603 West Main Street or: 800-747-3399
>Sussex, WI 53089 Fax: 262-820-8202
>
>
>_______________________________________________
>vpnc-devel mailing list
>vpnc-devel@unix-ag.uni-kl.de
>http://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
>http://www.unix-ag.uni-kl.de/~massar/vpnc/

Justin Hendrickson justin@onyourmark.com
----------------------------------------------------------------------------
Web Development Specialist
Klein Internet Marketing Group
a division of Keith Klein & Associates, Inc.

www.kleininternet.com Phone: 262-820-8201
22603 West Main Street or: 800-747-3399
Sussex, WI 53089 Fax: 262-820-8202

socket(SOCK_RAW): Protocol not supported [ In reply to ]

justin at onyourmark

Jun 4, 2004, 6:38 PM

Post #4 of 12 (7742 views)

I'm using FreeBSD 4.10-PRERELEASE.

I was instructed by the VPN server administrator to use the 10000 port.

*********** REPLY SEPARATOR ***********

On 6/4/2004 at 6:32 PM Maurice Massar wrote:

>hi,
>
>> ===[phpdev:root] /usr/local/etc > more vpnc.conf
>> IPSec gateway 208.23.198.215
>> IPSec ID ifb_group
>> IPSec secret [removed]
>> Xauth username ifb.user
>> Xauth password [removed]
>>
>> ===[phpdev:root] /usr/local/etc > vpnc --local-port 10000
>> socket(SOCK_RAW): Protocol not supported
>>
>> The very first time I ran the command I got an error pertaining to
>INVALID_MESSAGE_ID, but every
>> subsequent attempt has resulted in the SOCK_RAW error. I can provide a
>--debug # dump if necessar
>> y.
>
>which OS are you using? NetBSD or FreeBSD possibly?
>which version?
>
>is there any special reason why you are using "--local-port 10000"??
>
>cu
>maurice
>_______________________________________________
>vpnc-devel mailing list
>vpnc-devel@unix-ag.uni-kl.de
>http://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
>http://www.unix-ag.uni-kl.de/~massar/vpnc/

Justin Hendrickson justin@onyourmark.com
----------------------------------------------------------------------------
Web Development Specialist
Klein Internet Marketing Group
a division of Keith Klein & Associates, Inc.

www.kleininternet.com Phone: 262-820-8201
22603 West Main Street or: 800-747-3399
Sussex, WI 53089 Fax: 262-820-8202

socket(SOCK_RAW): Protocol not supported [ In reply to ]

massar at unix-ag

Jun 4, 2004, 6:38 PM

Post #5 of 12 (7739 views)

hi,

> After composing this message, I ran vpnc --local-port 1000 and got this:
> expected xauth packet; rejected: INVALID_EXCHANGE_TYPE
>
> I ran it again and got the SOCK_RAW errors again. Does the Cisco 3000-series have a temp. ban fea
> ture I might be hitting?

I don't think so... it is just vpnc getting pakets it did not expect..
(for examples those from the connections vpnc started but never finished)

which vpnc version are you using?

> *********** REPLY SEPARATOR ***********

http://learn.to/quote/
http://www.netmeister.org/news/learn2quote.html

cu
maurice

socket(SOCK_RAW): Protocol not supported [ In reply to ]

justin at onyourmark

Jun 4, 2004, 6:39 PM

Post #6 of 12 (7751 views)

===[phpdev:root] /usr/local/etc > vpnc --version
vpnc version 0.2-rm+zomb.1

*********** REPLY SEPARATOR ***********

On 6/4/2004 at 6:38 PM Maurice Massar wrote:

>hi,
>
>> After composing this message, I ran vpnc --local-port 1000 and got this:
>> expected xauth packet; rejected: INVALID_EXCHANGE_TYPE
>>
>> I ran it again and got the SOCK_RAW errors again. Does the Cisco
>3000-series have a temp. ban fea
>> ture I might be hitting?
>
>I don't think so... it is just vpnc getting pakets it did not expect..
>(for examples those from the connections vpnc started but never finished)
>
>which vpnc version are you using?
>
>> *********** REPLY SEPARATOR ***********
>
>http://learn.to/quote/
>http://www.netmeister.org/news/learn2quote.html
>
>cu
>maurice
>_______________________________________________
>vpnc-devel mailing list
>vpnc-devel@unix-ag.uni-kl.de
>http://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
>http://www.unix-ag.uni-kl.de/~massar/vpnc/

Justin Hendrickson justin@onyourmark.com
----------------------------------------------------------------------------
Web Development Specialist
Klein Internet Marketing Group
a division of Keith Klein & Associates, Inc.

www.kleininternet.com Phone: 262-820-8201
22603 West Main Street or: 800-747-3399
Sussex, WI 53089 Fax: 262-820-8202

socket(SOCK_RAW): Protocol not supported [ In reply to ]

massar at unix-ag

Jun 4, 2004, 6:41 PM

Post #7 of 12 (7756 views)

hi,

> I'm using FreeBSD 4.10-PRERELEASE.
>
> I was instructed by the VPN server administrator to use the 10000 port.

that does not quite make sense ...

port 10000 is used by an obscure NAT-Traversal method of cisco which
vpnc does not support, and probably never will (since there is a
NAT-T internet draft with a public documented method to do NAT-T)

> *********** REPLY SEPARATOR ***********

http://learn.to/quote/
http://www.netmeister.org/news/learn2quote.html

cu
maurice

socket(SOCK_RAW): Protocol not supported [ In reply to ]

justin at onyourmark

Jun 4, 2004, 6:48 PM

Post #8 of 12 (7729 views)

On 6/4/2004 at 6:41 PM Maurice Massar wrote:
>that does not quite make sense ...
>
>port 10000 is used by an obscure NAT-Traversal method of cisco which
>vpnc does not support, and probably never will (since there is a
>NAT-T internet draft with a public documented method to do NAT-T)
>

Without the --local-port 10000 I get the following:

===[phpdev:root] /usr/local/etc > vpnc
configuration response rejected: INVALID_MESSAGE_ID
Justin Hendrickson justin@onyourmark.com
----------------------------------------------------------------------------
Web Development Specialist
Klein Internet Marketing Group
a division of Keith Klein & Associates, Inc.

www.kleininternet.com Phone: 262-820-8201
22603 West Main Street or: 800-747-3399
Sussex, WI 53089 Fax: 262-820-8202

socket(SOCK_RAW): Protocol not supported [ In reply to ]

massar at unix-ag

Jun 4, 2004, 6:54 PM

Post #9 of 12 (7734 views)

hi,

> Without the --local-port 10000 I get the following:
>
> ===[phpdev:root] /usr/local/etc > vpnc
> configuration response rejected: INVALID_MESSAGE_ID

wait a bit to let the connections at the concentrator end time out..
I am sure that the socket(SOCK_RAW) will stay, unless you change
something about your kernel ... I don't what the critical things
about FreeBSD are, because I don't have a time/possiblity to test them,
but maybe someone else using vpnc on FreeBSD can help?

cu
maurice

socket(SOCK_RAW): Protocol not supported [ In reply to ]

justin at onyourmark

Jun 4, 2004, 6:58 PM

Post #10 of 12 (7732 views)

On 6/4/2004 at 6:54 PM Maurice Massar wrote:
>I am sure that the socket(SOCK_RAW) will stay, unless you change
>something about your kernel ... I don't what the critical things
>about FreeBSD are, because I don't have a time/possiblity to test them,
>but maybe someone else using vpnc on FreeBSD can help?

Thank you for your time helping me out with this. It's refreshing to get quick, informative responces about *nix software!

On a side note, do you know of any alternative methods to connect to Cisco 3000-model VPN Concentrators?
Justin Hendrickson justin@onyourmark.com
----------------------------------------------------------------------------
Web Development Specialist
Klein Internet Marketing Group
a division of Keith Klein & Associates, Inc.

www.kleininternet.com Phone: 262-820-8201
22603 West Main Street or: 800-747-3399
Sussex, WI 53089 Fax: 262-820-8202

socket(SOCK_RAW): Protocol not supported [ In reply to ]

c.lackas at fz-juelich

Jun 4, 2004, 8:31 PM

Post #11 of 12 (7733 views)

* Justin Hendrickson <justin@onyourmark.com> [040604 18:35]:

Hallo Justin,

> ===[phpdev:root] /usr/local/etc > vpnc --local-port 10000
> socket(SOCK_RAW): Protocol not supported

I guess you are using FreeBSD 4.

Did you read /usr/ports/security/vpnc/pkg-message:

If vpnc under FreeBSD 4 fails with

socket(SOCK_RAW): Protocol not supported

check your kernel configuration. The ESP protocol may be only
enabled for FAST_IPSEC (this cannot be configured together with
IPSEC). See LINT for further details.

Under FreeBSD 5 vpnc should work without any IPSEC enabled.

Did you turn on FAST_IPSEC as requested?

Regards,
Christian

--
Forschungszentrum Juelich Central Institute For Electronics (ZEL)
Leo-Brandt-Strasse 52425 Juelich, Germany
Tel: +49-2461-61 2425 Fax: +49-2461-61 3990

socket(SOCK_RAW): Protocol not supported [ In reply to ]

c.lackas at fz-juelich

Jun 4, 2004, 9:53 PM

Post #12 of 12 (7727 views)

* Justin Hendrickson <justin@onyourmark.com> [040604 21:42]:
> On 6/4/2004 at 8:31 PM Christian Lackas wrote:

> >I guess you are using FreeBSD 4.
> >Did you read /usr/ports/security/vpnc/pkg-message:
> >Did you turn on FAST_IPSEC as requested?
> I removed those and rebuild the kernel and got the following:
> xform_ah.o(.text+0x29): undefined reference to `auth_hash_hmac_sha1_96'
> xform_ah.o(.text+0x31): undefined reference to `auth_hash_hmac_ripemd_160_96'

In my LINT it says:

Experimental IPsec implementation that uses the kernel crypto
framework. [...] To use this you must also configure the crypto
device (see below). [...]

> I'm going to move over to a FreeBSD mailing list and see if I can't
> get some help on that issue, unless you have any experience with this
> error message.

And your error messages just look like you didn't enable the crypto device:

pseudo-device crypto # core crypto support
pseudo-device cryptodev # /dev/crypto for access to h/w (optional)

Regards,
Christian

--
Forschungszentrum Juelich Central Institute For Electronics (ZEL)
Leo-Brandt-Strasse 52425 Juelich, Germany
Tel: +49-2461-61 2425 Fax: +49-2461-61 3990