[hipl-users] Re: Problem during Testing HIP connection between two locally connected hosts using an IPv6 application

  • From: Miika Komu <miika.komu@xxxxxxx>
  • To: hipl-users@xxxxxxxxxxxxx
  • Date: Tue, 16 Jun 2009 20:05:17 +0300

shashank m wrote:

Hi,

your system is running too old a kernel. Please either use userspace ipsec or upgrade to 2.6.27 or higher. I hope this is now more clear in the manual:

http://infrahip.hiit.fi/hipl/manual/ch02.html

Hi ,

I have added the tcp port in ip6tables and restarted hipfw and still have the same problem. I am just pasting all the information of my configuration. And I don't have SELINUX enabled in my Ubuntu dist.


Here is the information at my server. It always tries to connect to the DHT gateway though we provide the mapping manually.

Please do check this. Thanks in advance.


eth0      Link encap:Ethernet  HWaddr 00:1C:23:2F:1D:56
          inet addr:192.168.12.165  Bcast:192.168.12.255  Mask:255.255.255.0
          inet6 addr: 2001:2::2/64 Scope:Global
          inet6 addr: fe80::21c:23ff:fe2f:1d56/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1303 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1074 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:597647 (583.6 KB)  TX bytes:169937 (165.9 KB)
          Interrupt:17


on the server console

hipconf add map 2001:0013:cea1:6bc9:2032:b90b:e96a:2130 2001:100:6:5000:214:6cff:fe53:180a

We added the mapping of the client's HIT and the client's IPv6 address manually. But I don't know why it always tries to connect using the IPv4 address to the opendht,
but normally when we try to ping this address it works.

# hipconf get ha all
Sending user message 22 to HIPD on socket 3
Sent 40 bytes
Waiting to receive daemon info.
216 bytes received from HIP daemon
HA is ESTABLISHED
 Local HIT: 2001:0010:46cb:2c84:144e:f93c:4133:c357
 Peer  HIT: 2001:0013:cea1:6bc9:2032:b90b:e96a:2130
 Local LSI: 1.0.0.1
 Peer  LSI: 1.0.0.2
 Local IP: 2001:0002:0000:0000:0000:0000:0000:0002
 Local NAT traversal UDP port: 0
 Peer  IP: 2001:0100:0006:5000:0214:6cff:fe53:180a
 Peer  NAT traversal UDP port: 0
 Peer  hostname:

root@pluton:/etc# ip xfrm state
src 2001:2::2 dst 2001:100:6:5000:214:6cff:fe53:180a
        proto esp spi 0xe9f6f347 reqid 0 mode beet
        replay-window 0
        auth hmac(sha1) 0x2bd52bfa74ba4e4618edaff0d44afcd2e9513a3a
        enc cbc(aes) 0x9703989ad6c8d03dd6d983ac05ceaa67
sel src 2001:10:46cb:2c84:144e:f93c:4133:c357/128 dst 2001:13:cea1:6bc9:2032:b90b:e96a:2130/128
src 2001:100:6:5000:214:6cff:fe53:180a dst 2001:2::2
        proto esp spi 0x3e8555c7 reqid 0 mode beet
        replay-window 0
        auth hmac(sha1) 0xfb865ed61ac0315c4a832a6b13c71581fdc8f5fd
        enc cbc(aes) 0x180fd0a470d0d093d1ec910c12c8fdea
sel src 2001:13:cea1:6bc9:2032:b90b:e96a:2130/128 dst 2001:10:46cb:2c84:144e:f93c:4133:c357/128


root@pluton:/sbin# cat /etc/hip/hipd_config
# Format of this file is as with hipconf, but without hipconf prefix
# add hi default    # add all four HITs (see bug id 522)
# add map HIT IP    # preload some HIT-to-IP mappings to hipd
# add service rvs # the host acts as HIP rendezvous (see also /etc/hip/relay_config)
# add server rvs [RVS-HIT] <RVS-IP-OR-HOSTNAME> <lifetime-secs> # register to rendezvous server
hit-to-ip on # resolve HITs to locators in dynamic DNS zone
# hit-to-ip set hit-to-ip.infrahip.net. # resolve HITs to locators in dynamic DNS zone
nsupdate on # send dynamic DNS updates
# heartbeat 10 # send ICMPv6 messages inside HIP tunnels
# add server rvs hiprvs.infrahip.net 50000 # Register to free RVS at infrahip
opendht on # turn DHT support on (use /etc/hip/dhtservers to define the used server)
# locator on        # host sends all of its locators in base exchange
# opp normal|advanced|none
# transform order 213 # crypto preference order (1=AES, 2=3DES, 3=NULL)

nat plain-udp       # use UDP capsulation (for NATted environments)
debug medium        # debug verbosity: all, medium or none
root@pluton:/sbin# uname -a
Linux pluton 2.6.22-14-generic #1 SMP Tue Feb 12 07:42:25 UTC 2008 i686 GNU/Linux




iptables

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
HIPFW-INPUT  0    --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
HIPFW-FORWARD  0    --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
HIPFW-OUTPUT  0    --  0.0.0.0/0            0.0.0.0/0

Chain HIPFW-FORWARD (1 references)
target     prot opt source               destination

Chain HIPFW-INPUT (1 references)
target     prot opt source               destination

Chain HIPFW-OUTPUT (1 references)
target     prot opt source               destination
QUEUE      0    --  0.0.0.0/0            1.0.0.0/8


# ip6tables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
HIPFW-INPUT  0        ::/0                 ::/0
ACCEPT     tcp      ::/0                 ::/0                tcp dpt:1111

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
HIPFW-FORWARD  0        ::/0                 ::/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
HIPFW-OUTPUT  0        ::/0                 ::/0

Chain HIPFW-FORWARD (1 references)
target     prot opt source               destination

Chain HIPFW-INPUT (1 references)
target     prot opt source               destination
QUEUE      0        ::/0                 2001:10::/28

Chain HIPFW-OUTPUT (1 references)
target     prot opt source               destination


 ps axu |grep hip
nobody    6531  0.0  0.1  25672  5864 pts/0    S+   Jun15   0:21 hipd
nobody    6784  0.0  0.0  13344  1096 pts/2    S    Jun15   0:00 /usr/sbin/hipfw -bklpF
root      7695  0.0  0.0   2976   768 pts/1    S+   15:00   0:00 grep hip
# ps axu |grep dns
root      7697  0.0  0.0   2972   760 pts/1    R+   15:00   0:00 grep dns



On the server console:

info(update.c:3350@hip_build_locators): Created one local type2 locator item: : 2001:0002:0000:0000:0000:0000:0000:0002
info(debug.c:832@hip_print_locator): LOCATOR from UDP: 192.168.12.165
info(debug.c:723@hip_print_locator_addresses): LOCATOR: 192.168.12.165
info(input.c:460@hip_receive_control_packet): HIT Sender: 2001:0013:cea1:6bc9:2032:b90b:e96a:2130
info(input.c:461@hip_receive_control_packet): HIT Receiver: 2001:0010:46cb:2c84:144e:f93c:4133:c357
info(hadb.c:138@hip_hadb_find_byhits): HIT1: 2001:0013:cea1:6bc9:2032:b90b:e96a:2130
info(hadb.c:139@hip_hadb_find_byhits): HIT2: 2001:0010:46cb:2c84:144e:f93c:4133:c357
info(output.c:970@hip_xmit_r1): hip_xmit_r1(): ripkt->hitr: 2001:0013:cea1:6bc9:2032:b90b:e96a:2130
info(input.c:460@hip_receive_control_packet): HIT Sender: 2001:0013:cea1:6bc9:2032:b90b:e96a:2130
info(input.c:461@hip_receive_control_packet): HIT Receiver: 2001:0010:46cb:2c84:144e:f93c:4133:c357
info(hadb.c:138@hip_hadb_find_byhits): HIT1: 2001:0013:cea1:6bc9:2032:b90b:e96a:2130
info(hadb.c:139@hip_hadb_find_byhits): HIT2: 2001:0010:46cb:2c84:144e:f93c:4133:c357
info(input.c:1669@hip_handle_i2): i2_saddr: 2001:0100:0006:5000:0214:6cff:fe53:180a
info(input.c:1670@hip_handle_i2): i2_daddr: 2001:0002:0000:0000:0000:0000:0000:0002
info(hadb.c:2248@hip_init_peer): peer's hit: 2001:0013:cea1:6bc9:2032:b90b:e96a:2130
info(hadb.c:2249@hip_init_peer): entry's hit: 2001:0013:cea1:6bc9:2032:b90b:e96a:2130
info(xfrmapi.c:513@hip_add_sa): src_hit: 2001:0013:cea1:6bc9:2032:b90b:e96a:2130
info(xfrmapi.c:514@hip_add_sa): dst_hit: 2001:0010:46cb:2c84:144e:f93c:4133:c357
info(xfrmapi.c:513@hip_add_sa): src_hit: 2001:0010:46cb:2c84:144e:f93c:4133:c357
info(xfrmapi.c:514@hip_add_sa): dst_hit: 2001:0013:cea1:6bc9:2032:b90b:e96a:2130
error(update.c:3074@hip_handle_locator_parameter): No locator to handle
error(libhipopendht.c:313@opendht_send): Error opendht_send: No route to host
error(libhipopendht.c:313@opendht_send): Error opendht_send: No route to host
info(update.c:3254@hip_build_locators): Created one locator item: : 2001:0002:0000:0000:0000:0000:0000:0002
info(update.c:3275@hip_build_locators): Created one locator item: : 192.168.12.165
info(update.c:3289@hip_build_locators): Looking for reflexive, prefered addres: : 2001:0100:0006:5000:0214:6cff:fe53:180a
info(update.c:3291@hip_build_locators): Looking for reflexive, local addres: : 2001:0002:0000:0000:0000:0000:0000:0002
info(update.c:3295@hip_build_locators): Looking for reflexive addr: : 0000:0000:0000:0000:0000:0000:0000:0000
info(update.c:3350@hip_build_locators): Created one local type2 locator item: : 2001:0002:0000:0000:0000:0000:0000:0002
info(debug.c:832@hip_print_locator): LOCATOR from UDP: 192.168.12.165
info(debug.c:723@hip_print_locator_addresses): LOCATOR: 192.168.12.165




2009/6/8 Miika Komu <miika.komu@xxxxxxx>

    Adrian Alvarez wrote:

    Hi,

    run "/etc/init.d/hipfw restart" on both sides and please try again.
    It appears that you have the queue rules in place but no hipfw
    running (crashed?). This causes ESP packets to be "stuck". Hope this
    helps...

        hello again,


        I tried adding tcp port 1111 to ip6tables and we are still
        unable to transfer data. Here is the information of the system
        at the time of the issue:

        Responder information:

        SAs
        Sending user message 22 to HIPD on socket 3
        Sent 40 bytes
        Waiting to receive daemon info.
        216 bytes received from HIP daemon
        HA is ESTABLISHED
         Local HIT: 2001:0018:ea59:a472:459f:ec45:0cdc:7113
         Peer  HIT: 2001:001a:c2da:a601:1cfd:e9dd:5719:37dc
         Local LSI: 1.0.0.1
         Peer  LSI: 1.0.0.2
         Local IP: 3ffe:0000:0000:0000:0000:0000:0000:0002
         Local NAT traversal UDP port: 0
         Peer  IP: 3ffe:0000:0000:0000:0000:0000:0000:0004
         Peer  NAT traversal UDP port: 0
         Peer  hostname:

        ip xfrm
        src 3ffe::2 dst 3ffe::4
           proto esp spi 0x70e176a1 reqid 0 mode beet
           replay-window 0
           auth hmac(sha1) 0xbd7c623ba16ee3b08c0cfd0619d0f003940d4cec
           enc cbc(aes) 0x82cc95e7d55624bb2dca3ae8302a6fc4
           sel src 2001:18:ea59:a472:459f:ec45:cdc:7113/128 dst 2001:1a:c2da:a601:1cfd:e9dd:5719:37dc/128
        src 3ffe::4 dst 3ffe::2
           proto esp spi 0xdfcd7423 reqid 0 mode beet
           replay-window 0
           auth hmac(sha1) 0x01db34f498c91be1ad6aa858dd765f484d69fc52
           enc cbc(aes) 0x10a036d9e3558f9dbc1ff00e4e0f28e5
           sel src 2001:1a:c2da:a601:1cfd:e9dd:5719:37dc/128 dst 2001:18:ea59:a472:459f:ec45:cdc:7113/128

        uname
        Linux vault101 2.6.28-11-generic #42-Ubuntu SMP Fri Apr 17 01:57:59 UTC 2009 i686 GNU/Linux

        hipd_config

        # Format of this file is as with hipconf, but without hipconf prefix
        # add hi default    # add all four HITs (see bug id 522)
        # add map HIT IP    # preload some HIT-to-IP mappings to hipd
        # add service rvs   # the host acts as HIP rendezvous (see also /etc/hip/relay_config)
        # add server rvs [RVS-HIT] <RVS-IP-OR-HOSTNAME> <lifetime-secs> # register to rendezvous server
        hit-to-ip on # resolve HITs to locators in dynamic DNS zone
        # hit-to-ip set hit-to-ip.infrahip.net. # resolve HITs to locators in dynamic DNS zone

        nsupdate off # send dynamic DNS updates
        # heartbeat 10 # send ICMPv6 messages inside HIP tunnels
        # add server rvs hiprvs.infrahip.net 50000 # Register to free RVS at infrahip

        opendht off # turn DHT support on (use /etc/hip/dhtservers to define the used server)
        # locator on        # host sends all of its locators in base exchange
        # opp normal|advanced|none
        # transform order 213 # crypto preference order (1=AES, 2=3DES, 3=NULL)

        #nat plain-udp       # use UDP capsulation (for NATted environments)
        debug medium        # debug verbosity: all, medium or none


        iptables

        Chain INPUT (policy ACCEPT)
        target     prot opt source               destination
        HIPFW-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

        Chain FORWARD (policy ACCEPT)
        target     prot opt source               destination
        HIPFW-FORWARD  all  --  0.0.0.0/0            0.0.0.0/0

        Chain OUTPUT (policy ACCEPT)
        target     prot opt source               destination
        HIPFW-OUTPUT  all  --  0.0.0.0/0            0.0.0.0/0

        Chain HIPFW-FORWARD (1 references)
        target     prot opt source               destination

        Chain HIPFW-INPUT (1 references)
        target     prot opt source               destination

        Chain HIPFW-OUTPUT (1 references)
        target     prot opt source               destination
        QUEUE      all  --  0.0.0.0/0            1.0.0.0/8



        ip6tables

        Chain INPUT (policy ACCEPT)
        target     prot opt source               destination
        HIPFW-INPUT  all      ::/0                 ::/0

        Chain FORWARD (policy ACCEPT)
        target     prot opt source               destination
        HIPFW-FORWARD  all      ::/0                 ::/0

        Chain OUTPUT (policy ACCEPT)
        target     prot opt source               destination
        HIPFW-OUTPUT  all      ::/0                 ::/0

        Chain HIPFW-FORWARD (1 references)
        target     prot opt source               destination

        Chain HIPFW-INPUT (1 references)
        target     prot opt source               destination
        QUEUE      all      ::/0                 2001:10::/28

        ps aux|grep hip
        nobody    3615  0.0  0.0  14668  2504 pts/0    S+   11:30   0:00 hipd
        root      4916  0.0  0.0   3336   788 pts/3    R+   11:43   0:00 grep hip

        ps aux|grep dns
        root      4918  0.0  0.0   3336   788 pts/3    R+   11:43   0:00 grep dns


        Initiator's info


        Sending user message 22 to HIPD on socket 3
        Sent 40 bytes
        Waiting to receive daemon info.
        216 bytes received from HIP daemon
        HA is ESTABLISHED
         Local HIT: 2001:001a:c2da:a601:1cfd:e9dd:5719:37dc
         Peer  HIT: 2001:0018:ea59:a472:459f:ec45:0cdc:7113
         Local LSI: 1.0.0.1
         Peer  LSI: 1.0.0.2
         Local IP: 3ffe:0000:0000:0000:0000:0000:0000:0004
         Local NAT traversal UDP port: 0
         Peer  IP: 3ffe:0000:0000:0000:0000:0000:0000:0002
         Peer  NAT traversal UDP port: 0
         Peer  hostname: vault101


        src 3ffe::4 dst 3ffe::2
           proto esp spi 0xdfcd7423 reqid 0 mode beet
           replay-window 0
           auth hmac(sha1) 0x01db34f498c91be1ad6aa858dd765f484d69fc52
           enc cbc(aes) 0x10a036d9e3558f9dbc1ff00e4e0f28e5
           sel src 2001:1a:c2da:a601:1cfd:e9dd:5719:37dc/128 dst 2001:18:ea59:a472:459f:ec45:cdc:7113/128
        src 3ffe::2 dst 3ffe::4
           proto esp spi 0x70e176a1 reqid 0 mode beet
           replay-window 0
           auth hmac(sha1) 0xbd7c623ba16ee3b08c0cfd0619d0f003940d4cec
           enc cbc(aes) 0x82cc95e7d55624bb2dca3ae8302a6fc4
           sel src 2001:18:ea59:a472:459f:ec45:cdc:7113/128 dst 2001:1a:c2da:a601:1cfd:e9dd:5719:37dc/128


        Linux vault113 2.6.28-11-generic #42-Ubuntu SMP Fri Apr 17 01:57:59 UTC 2009 i686 GNU/Linux



        # Format of this file is as with hipconf, but without hipconf prefix
        # add hi default    # add all four HITs (see bug id 522)
        # add map HIT IP    # preload some HIT-to-IP mappings to hipd
        # add service rvs   # the host acts as HIP rendezvous (see also /etc/hip/relay_config)
        # add server rvs [RVS-HIT] <RVS-IP-OR-HOSTNAME> <lifetime-secs> # register to rendezvous server
        hit-to-ip on # resolve HITs to locators in dynamic DNS zone
        # hit-to-ip set hit-to-ip.infrahip.net. # resolve HITs to locators in dynamic DNS zone

        nsupdate on # send dynamic DNS updates
        # heartbeat 10 # send ICMPv6 messages inside HIP tunnels
        # add server rvs hiprvs.infrahip.net 50000 # Register to free RVS at infrahip

        opendht on # turn DHT support on (use /etc/hip/dhtservers to define the used server)
        # locator on        # host sends all of its locators in base exchange
        # opp normal|advanced|none
        # transform order 213 # crypto preference order (1=AES, 2=3DES, 3=NULL)

        nat plain-udp       # use UDP capsulation (for NATted environments)
        debug medium        # debug verbosity: all, medium or none



        iptable
        Chain INPUT (policy ACCEPT)
        target     prot opt source               destination
        HIPFW-INPUT  all  --  0.0.0.0/0            0.0.0.0/0
        ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:1111

        Chain FORWARD (policy ACCEPT)
        target     prot opt source               destination
        HIPFW-FORWARD  all  --  0.0.0.0/0            0.0.0.0/0

        Chain OUTPUT (policy ACCEPT)
        target     prot opt source               destination
        HIPFW-OUTPUT  all  --  0.0.0.0/0            0.0.0.0/0

        Chain HIPFW-FORWARD (1 references)
        target     prot opt source               destination

        Chain HIPFW-INPUT (1 references)
        target     prot opt source               destination

        Chain HIPFW-OUTPUT (1 references)
        target     prot opt source               destination
        QUEUE      all  --  0.0.0.0/0            1.0.0.0/8



        ip6table
        Chain INPUT (policy ACCEPT)
        target     prot opt source               destination
        HIPFW-INPUT  all      ::/0                 ::/0
        ACCEPT     tcp      ::/0                 ::/0                tcp dpt:1111

        Chain FORWARD (policy ACCEPT)
        target     prot opt source               destination
        HIPFW-FORWARD  all      ::/0                 ::/0

        Chain OUTPUT (policy ACCEPT)
        target     prot opt source               destination
        HIPFW-OUTPUT  all      ::/0                 ::/0

        Chain HIPFW-FORWARD (1 references)
        target     prot opt source               destination

        Chain HIPFW-INPUT (1 references)
        target     prot opt source               destination
        QUEUE      all      ::/0                 2001:10::/28

        Chain HIPFW-OUTPUT (1 references)
        target     prot opt source               destination

        nobody   13663  0.0  0.0  14792  2792 pts/0    S+   11:36   0:00 hipd
        root     14735  0.0  0.0   3336   788 pts/2    R+   11:52   0:00 grep hip



        root     14737  0.0  0.0   3336   792 pts/2    R+   11:52   0:00 grep dns


        thanks,


        Adrian





        On Mon, Jun 8, 2009 at 10:09 AM, Miika Komu <miika.komu@xxxxxxx> wrote:

           Adrian Alvarez wrote:

           Hi,

           I got connection refused, but after allowing tcp port 1111 in
           iptables/ip6tables it started working.

           I added some bug reporting instructions to bugzilla. Please give all
           information for us to try to reproduce the problem:

           http://infrahip.hiit.fi/hipl/manual/ch08.html

           Are you running kernel version >= 2.6.27?

               Hi all,
               We are having some problems trying to establish communications
               between two hosts using hip. We have followed the instructions of
               the manual very closely, however, it is impossible to transfer
               some data from one host to another using hip.

               We are using wireshark to monitor the exchange, and we were able
               to observe the following:

               1) HIP base exchange between the two hosts is completed.
               2) TCP data transfer via HIP is not realized.
               3) The initiator node sends a TCP SYN with the HIT info, but the
               responder node fails to send an ACK back.

               This seems similar to Shashank's issue.
               Any light on this matter would be useful.

               Thank you all.
               Adrian.

               On Sun, Jun 7, 2009 at 3:56 PM, shashank m <shashanm@xxxxxxxxx> wrote:

                  Hello,

                  I was trying to connect two systems locally using hip with an
                  IPv6 application given in the manual: *Conntest-client* and
                  *conntest-server*. I have disabled opendht support as I have
                  given the mapping between the HITs and IPv6 addresses manually
                  using *hipconf*.


                  After executing "Conntest-client-hip [HIT_server] tcp 1111"

                  it prints the mapping with the HIT and IPv6 address of the
                  server and the base exchange happens, but the messages are not
                  transmitted to the server. I think that the mapping is not
                  working properly in the code. Please do solve the problem.


                  In the client console I often see this message:


                  """------State established not triggering bex--------" this
                  message comes repeatedly. I think this is only because of the
                  mapping problem. Correct me if I am wrong.



                  Thanks in advance,

                  Regards,
                  Shashank.M.










Regards,
Shashank.M.
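
The two checks raised in the replies in this thread (kernel 2.6.27 or higher unless userspace ipsec is used, and hipfw actually running when QUEUE rules are installed) can be scripted. This is an added example, not part of the original mails or of HIPL; the function names are hypothetical and the sample inputs are constructed, abridged from the output quoted above.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not HIPL tools.

# Leading digits of a version component ("22", "0+" -> "0"); empty -> 0.
num() { n=${1%%[!0-9]*}; echo "${n:-0}"; }

# Succeeds when a `uname -r` string is 2.6.27 or higher, the minimum
# named in the reply for running without userspace ipsec.
kernel_at_least_2_6_27() {
    rel=${1%%-*}                 # "2.6.22-14-generic" -> "2.6.22"
    old_ifs=$IFS; IFS=.
    set -- $rel                  # split on dots into $1 $2 $3
    IFS=$old_ifs
    maj=$(num "$1"); min=$(num "$2"); pat=$(num "$3")
    [ "$maj" -gt 2 ] && return 0
    [ "$maj" -lt 2 ] && return 1
    [ "$min" -gt 6 ] && return 0
    [ "$min" -lt 6 ] && return 1
    [ "$pat" -ge 27 ]
}

# Succeeds when the rule listing ($1) has a QUEUE target but the process
# listing ($2) shows no hipfw: packets are queued with nobody reading
# the queue, the "stuck" ESP case described in the 2009/6/8 reply.
queue_without_hipfw() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*QUEUE[[:space:]]' || return 1
    if printf '%s\n' "$2" | grep -v 'grep' | grep -q 'hipfw'; then
        return 1
    fi
    return 0
}

# Prints the findings for one host, or "ok" when neither check fires.
# Arguments: kernel release, ip(6)tables -L -n output, ps output.
hip_esp_diagnosis() {
    findings=""
    kernel_at_least_2_6_27 "$1" || findings="kernel-too-old"
    if queue_without_hipfw "$2" "$3"; then
        findings="${findings:+$findings }hipfw-not-running"
    fi
    echo "${findings:-ok}"
}

# Constructed samples, abridged from the listings quoted in the thread.
RULES_WITH_QUEUE='Chain HIPFW-INPUT (1 references)
target     prot opt source               destination
QUEUE      all      ::/0                 2001:10::/28'
PS_HIPD_ONLY='nobody    3615  0.0  0.0  14668  2504 pts/0    S+   11:30   0:00 hipd
root      4916  0.0  0.0   3336   788 pts/3    R+   11:43   0:00 grep hip'
PS_WITH_HIPFW='nobody    6531  0.0  0.1  25672  5864 pts/0    S+   Jun15   0:21 hipd
nobody    6784  0.0  0.0  13344  1096 pts/2    S    Jun15   0:00 /usr/sbin/hipfw -bklpF'

# Host on 2.6.22 with hipfw running, then host on 2.6.28 without hipfw.
hip_esp_diagnosis "2.6.22-14-generic" "$RULES_WITH_QUEUE" "$PS_WITH_HIPFW"
hip_esp_diagnosis "2.6.28-11-generic" "$RULES_WITH_QUEUE" "$PS_HIPD_ONLY"
```

On a live host the three arguments would come from `uname -r`, `ip6tables -L -n` and `ps axu`.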

