Adrian Alvarez wrote:

Hi,

run "/etc/init.d/hipfw restart" on both sides and please try again. It appears that you have the queue rules in place but no hipfw running (crashed?). This causes ESP packets to be "stuck". Hope this helps...

hello again,

I tried adding tcp port 1111 to ip6tables and we are still unable to transfer data. Here is the information of the system at the time of the issue:

Responder information:

SAs

Sending user message 22 to HIPD on socket 3
Sent 40 bytes
Waiting to receive daemon info.
216 bytes received from HIP daemon
HA is ESTABLISHED
 Local HIT: 2001:0018:ea59:a472:459f:ec45:0cdc:7113
 Peer HIT: 2001:001a:c2da:a601:1cfd:e9dd:5719:37dc
 Local LSI: 1.0.0.1
 Peer LSI: 1.0.0.2
 Local IP: 3ffe:0000:0000:0000:0000:0000:0000:0002
 Local NAT traversal UDP port: 0
 Peer IP: 3ffe:0000:0000:0000:0000:0000:0000:0004
 Peer NAT traversal UDP port: 0
 Peer hostname:

ip xfrm

src 3ffe::2 dst 3ffe::4
    proto esp spi 0x70e176a1 reqid 0 mode beet
    replay-window 0
    auth hmac(sha1) 0xbd7c623ba16ee3b08c0cfd0619d0f003940d4cec
    enc cbc(aes) 0x82cc95e7d55624bb2dca3ae8302a6fc4
    sel src 2001:18:ea59:a472:459f:ec45:cdc:7113/128 dst 2001:1a:c2da:a601:1cfd:e9dd:5719:37dc/128
src 3ffe::4 dst 3ffe::2
    proto esp spi 0xdfcd7423 reqid 0 mode beet
    replay-window 0
    auth hmac(sha1) 0x01db34f498c91be1ad6aa858dd765f484d69fc52
    enc cbc(aes) 0x10a036d9e3558f9dbc1ff00e4e0f28e5
    sel src 2001:1a:c2da:a601:1cfd:e9dd:5719:37dc/128 dst 2001:18:ea59:a472:459f:ec45:cdc:7113/128

uname

Linux vault101 2.6.28-11-generic #42-Ubuntu SMP Fri Apr 17 01:57:59 UTC 2009 i686 GNU/Linux

hipd_config

# Format of this file is as with hipconf, but without hipconf prefix
# add hi default  # add all four HITs (see bug id 522)
# add map HIT IP  # preload some HIT-to-IP mappings to hipd
# add service rvs  # the host acts as HIP rendezvous (see also /etc/hip/relay_config)
# add server rvs [RVS-HIT] <RVS-IP-OR-HOSTNAME> <lifetime-secs>  # register to rendezvous server
hit-to-ip on  # resolve HITs to locators in dynamic DNS zone
# hit-to-ip set hit-to-ip.infrahip.net.  # resolve HITs to locators in dynamic DNS zone
nsupdate off  # send dynamic DNS updates
# heartbeat 10  # send ICMPv6 messages inside HIP tunnels
# add server rvs hiprvs.infrahip.net 50000  # Register to free RVS at infrahip
opendht off  # turn DHT support on (use /etc/hip/dhtservers to define the used server)
# locator on  # host sends all of its locators in base exchange
# opp normal|advanced|none
# transform order 213  # crypto preference order (1=AES, 2=3DES, 3=NULL)
#nat plain-udp  # use UDP capsulation (for NATted environments)
debug medium  # debug verbosity: all, medium or none

iptables

Chain INPUT (policy ACCEPT)
target         prot opt source        destination
HIPFW-INPUT    all  --  0.0.0.0/0     0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target         prot opt source        destination
HIPFW-FORWARD  all  --  0.0.0.0/0     0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target         prot opt source        destination
HIPFW-OUTPUT   all  --  0.0.0.0/0     0.0.0.0/0

Chain HIPFW-FORWARD (1 references)
target         prot opt source        destination

Chain HIPFW-INPUT (1 references)
target         prot opt source        destination

Chain HIPFW-OUTPUT (1 references)
target         prot opt source        destination
QUEUE          all  --  0.0.0.0/0     1.0.0.0/8

ip6tables

Chain INPUT (policy ACCEPT)
target         prot opt source        destination
HIPFW-INPUT    all      ::/0          ::/0

Chain FORWARD (policy ACCEPT)
target         prot opt source        destination
HIPFW-FORWARD  all      ::/0          ::/0

Chain OUTPUT (policy ACCEPT)
target         prot opt source        destination
HIPFW-OUTPUT   all      ::/0          ::/0

Chain HIPFW-FORWARD (1 references)
target         prot opt source        destination

Chain HIPFW-INPUT (1 references)
target         prot opt source        destination
QUEUE          all      ::/0          2001:10::/28

ps aux|grep hip

nobody    3615  0.0  0.0  14668  2504 pts/0    S+   11:30   0:00 hipd
root      4916  0.0  0.0   3336   788 pts/3    R+   11:43   0:00 grep hip

ps aux|grep dns

root      4918  0.0  0.0   3336   788 pts/3    R+   11:43   0:00 grep dns

Initiator's info

Sending user message 22 to HIPD on socket 3
Sent 40 bytes
Waiting to receive daemon info.
216 bytes received from HIP daemon
HA is ESTABLISHED
 Local HIT: 2001:001a:c2da:a601:1cfd:e9dd:5719:37dc
 Peer HIT: 2001:0018:ea59:a472:459f:ec45:0cdc:7113
 Local LSI: 1.0.0.1
 Peer LSI: 1.0.0.2
 Local IP: 3ffe:0000:0000:0000:0000:0000:0000:0004
 Local NAT traversal UDP port: 0
 Peer IP: 3ffe:0000:0000:0000:0000:0000:0000:0002
 Peer NAT traversal UDP port: 0
 Peer hostname: vault101

src 3ffe::4 dst 3ffe::2
    proto esp spi 0xdfcd7423 reqid 0 mode beet
    replay-window 0
    auth hmac(sha1) 0x01db34f498c91be1ad6aa858dd765f484d69fc52
    enc cbc(aes) 0x10a036d9e3558f9dbc1ff00e4e0f28e5
    sel src 2001:1a:c2da:a601:1cfd:e9dd:5719:37dc/128 dst 2001:18:ea59:a472:459f:ec45:cdc:7113/128
src 3ffe::2 dst 3ffe::4
    proto esp spi 0x70e176a1 reqid 0 mode beet
    replay-window 0
    auth hmac(sha1) 0xbd7c623ba16ee3b08c0cfd0619d0f003940d4cec
    enc cbc(aes) 0x82cc95e7d55624bb2dca3ae8302a6fc4
    sel src 2001:18:ea59:a472:459f:ec45:cdc:7113/128 dst 2001:1a:c2da:a601:1cfd:e9dd:5719:37dc/128

Linux vault113 2.6.28-11-generic #42-Ubuntu SMP Fri Apr 17 01:57:59 UTC 2009 i686 GNU/Linux

# Format of this file is as with hipconf, but without hipconf prefix
# add hi default  # add all four HITs (see bug id 522)
# add map HIT IP  # preload some HIT-to-IP mappings to hipd
# add service rvs  # the host acts as HIP rendezvous (see also /etc/hip/relay_config)
# add server rvs [RVS-HIT] <RVS-IP-OR-HOSTNAME> <lifetime-secs>  # register to rendezvous server
hit-to-ip on  # resolve HITs to locators in dynamic DNS zone
# hit-to-ip set hit-to-ip.infrahip.net.  # resolve HITs to locators in dynamic DNS zone
nsupdate on  # send dynamic DNS updates
# heartbeat 10  # send ICMPv6 messages inside HIP tunnels
# add server rvs hiprvs.infrahip.net 50000  # Register to free RVS at infrahip
opendht on  # turn DHT support on (use /etc/hip/dhtservers to define the used server)
# locator on  # host sends all of its locators in base exchange
# opp normal|advanced|none
# transform order 213  # crypto preference order (1=AES, 2=3DES, 3=NULL)
nat plain-udp  # use UDP capsulation (for NATted environments)
debug medium  # debug verbosity: all, medium or none

iptable

Chain INPUT (policy ACCEPT)
target         prot opt source        destination
HIPFW-INPUT    all  --  0.0.0.0/0     0.0.0.0/0
ACCEPT         tcp  --  0.0.0.0/0     0.0.0.0/0     tcp dpt:1111

Chain FORWARD (policy ACCEPT)
target         prot opt source        destination
HIPFW-FORWARD  all  --  0.0.0.0/0     0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target         prot opt source        destination
HIPFW-OUTPUT   all  --  0.0.0.0/0     0.0.0.0/0

Chain HIPFW-FORWARD (1 references)
target         prot opt source        destination

Chain HIPFW-INPUT (1 references)
target         prot opt source        destination

Chain HIPFW-OUTPUT (1 references)
target         prot opt source        destination
QUEUE          all  --  0.0.0.0/0     1.0.0.0/8

ip6table

Chain INPUT (policy ACCEPT)
target         prot opt source        destination
HIPFW-INPUT    all      ::/0          ::/0
ACCEPT         tcp      ::/0          ::/0          tcp dpt:1111

Chain FORWARD (policy ACCEPT)
target         prot opt source        destination
HIPFW-FORWARD  all      ::/0          ::/0

Chain OUTPUT (policy ACCEPT)
target         prot opt source        destination
HIPFW-OUTPUT   all      ::/0          ::/0

Chain HIPFW-FORWARD (1 references)
target         prot opt source        destination

Chain HIPFW-INPUT (1 references)
target         prot opt source        destination
QUEUE          all      ::/0          2001:10::/28

Chain HIPFW-OUTPUT (1 references)
target         prot opt source        destination

nobody   13663  0.0  0.0  14792  2792 pts/0    S+   11:36   0:00 hipd
root     14735  0.0  0.0   3336   788 pts/2    R+   11:52   0:00 grep hip
root     14737  0.0  0.0   3336   792 pts/2    R+   11:52   0:00 grep dns

thanks,
Adrian

On Mon, Jun 8, 2009 at 10:09 AM, Miika Komu <miika.komu@xxxxxxx> wrote:

Adrian Alvarez wrote:

Hi,

I got connection refused, but after allowing tcp port 1111 in iptables/ip6tables it started working. I added some bug reporting instructions to bugzilla. Please give all information for us to try to reproduce the problem:

http://infrahip.hiit.fi/hipl/manual/ch08.html

Are you running kernel version >= 2.6.27?

Hi all,

We are having some problems trying to establish communications between two hosts using hip. We have followed the instructions of the manual very closely, however, it is impossible to transfer some data from one host to another using hip. We are using wireshark to monitor the exchange, and we were able to observe the following:

1) HIP base exchange between the two hosts is completed.
2) TCP data transfer via HIP is not realized.
3) The initiator node sends a TCP SYN with the HIT info, but the responder node fails to send an ACK back.

This seems similar to Shashank's issue. Any light on this matter would be useful.

Thank you all.
Adrian.

On Sun, Jun 7, 2009 at 3:56 PM, shashank m <shashanm@xxxxxxxxx> wrote:

Hello,

I was trying to connect two systems locally using hip with an IPv6 application given in the manual, *Conntest-client* and *conntest-server*. I have disabled opendht support as I have given the mapping between the HITs and IPv6 addresses manually using *hipconf*.

After executing "Conntest-client-hip [HIT_server] tcp 1111" it prints the mapping with the HIT and IPv6 address of the server and the base exchange happens, but the messages are not transmitted to the server. I think that the mapping is not working properly in the code. Please do solve the problem. In the client console I often see this message:

"------State established not triggering bex--------"

This message comes repeatedly. I think this is only because of the mapping problem. Correct me if I am wrong.

Thanks in advance,
Regards,
Shashank.M.
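
The condition described in the first reply (queue rules in place but no hipfw running), written as a shell check over saved listings. This is an added example, not part of the original thread and not HIPL code. The process name hipfw is assumed from the init script name, and the sample input is excerpted and reflowed from the responder's report above.

```shell
#!/bin/sh
# Added example (not HIPL code). Flags the state described in the reply:
# QUEUE rules installed in the HIPFW-* chains while no hipfw process runs.
# Assumption: the firewall process is named "hipfw", after the init script.

# Print "chain destination" for every QUEUE rule in `iptables -L -n` or
# `ip6tables -L -n` output read from stdin. Assumes the destination is the
# last column, as it is in the listings posted in the thread.
queue_rules() {
    awk '$1 == "Chain" { chain = $2; next }
         $1 == "QUEUE" { print chain, $NF }'
}

# Succeed if `ps aux` output on stdin lists a command whose basename is hipfw.
# Column 11 is the command, so "hipd" and "grep hip" lines do not match.
hipfw_running() {
    awk '{ n = split($11, p, "/"); if (p[n] == "hipfw") found = 1 }
         END { exit !found }'
}

# diagnose RULES_TEXT PS_TEXT: print a verdict; return 1 when packets would be
# queued to userspace with no process there to issue a verdict on them.
diagnose() {
    rules=$(printf '%s\n' "$1" | queue_rules)
    if [ -z "$rules" ]; then
        echo "no QUEUE rules installed"; return 0
    fi
    if printf '%s\n' "$2" | hipfw_running; then
        echo "QUEUE rules installed and hipfw is running"; return 0
    fi
    echo "QUEUE rules installed but hipfw is not running:"
    echo "$rules"
    return 1
}

# Sample input: excerpts of the responder's listings from the thread, reflowed.
SAMPLE_RULES='Chain HIPFW-INPUT (1 references)
target     prot opt source               destination
QUEUE      all      ::/0                 2001:10::/28
Chain HIPFW-OUTPUT (1 references)
target     prot opt source               destination
QUEUE      all  --  0.0.0.0/0            1.0.0.0/8'
SAMPLE_PS='nobody    3615  0.0  0.0  14668  2504 pts/0    S+   11:30   0:00 hipd
root      4916  0.0  0.0   3336   788 pts/3    R+   11:43   0:00 grep hip'

diagnose "$SAMPLE_RULES" "$SAMPLE_PS" || echo "thread advice: /etc/init.d/hipfw restart"
```

On a live host the two arguments would be the output of `iptables -L -n; ip6tables -L -n` and of `ps aux`.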