Hi again, I have just updated the kernel to 2.6.28 and getting the same problem here is the information required about the error.I dont have selinux enabled.As iam trying to connect two machines locally the two machines are not connected to internet and we added the mapping manually between the HIT and ipv6 address.without taking the support of dht.still we are unable to send the packets between the two systems. Please help. Thanks in advance. * Here is the ocnfiguration on the server :* root@pluton:~# dpkg -l 'hipl*' Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Installed/Config-f/Unpacked/Failed-cfg/Half-inst/t-aWait/T-pend |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad) ||/ Name Version Description +++-==============-==============-============================================ ii hipl-agent 1.0.4-42 Graphical user interface for HIP for Linux. ii hipl-all 1.0.4-42 HIPL software bundle: HIP for Linux librarie ii hipl-daemon 1.0.4-42 HIP for Linux IPsec key management and mobil ii hipl-dnsproxy 1.0.4-42 Name look-up proxy for HIP for Linux. Interc ii hipl-doc 1.0.4-42 documentation for HIP for Linux ii hipl-firewall 1.0.4-42 HIPL multi-purpose firewall daemon. Public-k ii hipl-lib 1.0.4-42 HIP for Linux libraries ii hipl-test 1.0.4-42 netcat-like command line tools with built-in ii hipl-tools 1.0.4-42 Command line tools to control hipd from comm ___________________------------------------------------------------------------------------------------------- root@pluton:~# hipconf get ha all Sending user message 22 to HIPD on socket 3 Sent 40 bytes Waiting to receive daemon info. 40 bytes received from HIP daemon ------------------------------------------------------- root@pluton:~# ip xfrm state ------------------------------------------------------- root@pluton:~# uname -a Linux pluton 2.6.28.10 #1 SMP Fri Jun 19 11:00:49 CEST 2009 i686 GNU/Linux ---------------------------------------------------------------------------- root@pluton:~# cat /etc/hip/hipd_config # Format of this file is as with hipconf, but without hipconf prefix # add hi default # add all four HITs (see bug id 522) # add map HIT IP # preload some HIT-to-IP mappings to hipd # add service rvs # the host acts as HIP rendezvous (see also /etc/hip/relay_config) # add server rvs [RVS-HIT] <RVS-IP-OR-HOSTNAME> <lifetime-secs> # register to rendezvous server hit-to-ip on # resolve HITs to locators in dynamic DNS zone # hit-to-ip set hit-to-ip.infrahip.net. # resolve HITs to locators in dynamic DNS zone nsupdate on # send dynamic DNS updates # heartbeat 10 # send ICMPv6 messages inside HIP tunnels # add server rvs hiprvs.infrahip.net 50000 # Register to free RVS at infrahip opendht on # turn DHT support on (use /etc/hip/dhtservers to define the used server) # locator on # host sends all of its locators in base exchange # opp normal|advanced|none # transform order 213 # crypto preference order (1=AES, 2=3DES, 3=NULL) nat plain-udp # use UDP capsulation (for NATted environments) debug medium # debug verbosity: all, medium or none -------------------------------------------------------------------------- root@pluton:~# ip6tables -L -n Chain INPUT (policy ACCEPT) target prot opt source destination HIPFW-INPUT 0 ::/0 ::/0 ACCEPT tcp ::/0 ::/0 tcp dpt:1111 ACCEPT tcp ::/0 ::/0 tcp spt:1111 Chain FORWARD (policy ACCEPT) target prot opt source destination HIPFW-FORWARD 0 ::/0 ::/0 Chain OUTPUT (policy ACCEPT) target prot opt source destination HIPFW-OUTPUT 0 ::/0 ::/0 Chain HIPFW-FORWARD (1 references) target prot opt source destination QUEUE udp ::/0 ::/0 udp spt:50500 QUEUE udp ::/0 ::/0 udp dpt:50500 QUEUE esp ::/0 ::/0 QUEUE 139 ::/0 ::/0 Chain HIPFW-INPUT (1 references) target prot opt source destination QUEUE udp ::/0 ::/0 udp spt:50500 QUEUE udp ::/0 ::/0 udp dpt:50500 QUEUE esp ::/0 ::/0 QUEUE 139 ::/0 ::/0 Chain HIPFW-OUTPUT (1 references) target prot opt source destination QUEUE udp ::/0 ::/0 udp spt:50500 QUEUE udp ::/0 ::/0 udp dpt:50500 QUEUE esp ::/0 ::/0 QUEUE 139 ::/0 ::/0 ----------------------------------------------------------------------------------------------- root@pluton:~# iptables -L -n Chain INPUT (policy ACCEPT) target prot opt source destination HIPFW-INPUT 0 -- 0.0.0.0/0 0.0.0.0/0 ACCEPT 139 -- 0.0.0.0/0 0.0.0.0/0 ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0 Chain FORWARD (policy ACCEPT) target prot opt source destination HIPFW-FORWARD 0 -- 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCEPT) target prot opt source destination HIPFW-OUTPUT 0 -- 0.0.0.0/0 0.0.0.0/0 ACCEPT 139 -- 0.0.0.0/0 0.0.0.0/0 ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0 Chain HIPFW-FORWARD (1 references) target prot opt source destination QUEUE udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:50500 QUEUE udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:50500 QUEUE esp -- 0.0.0.0/0 0.0.0.0/0 QUEUE 139 -- 0.0.0.0/0 0.0.0.0/0 Chain HIPFW-INPUT (1 references) target prot opt source destination QUEUE udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:50500 QUEUE udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:50500 QUEUE esp -- 0.0.0.0/0 0.0.0.0/0 QUEUE 139 -- 0.0.0.0/0 0.0.0.0/0 Chain HIPFW-OUTPUT (1 references) target prot opt source destination QUEUE udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:50500 QUEUE udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:50500 QUEUE esp -- 0.0.0.0/0 0.0.0.0/0 QUEUE 139 -- 0.0.0.0/0 0.0.0.0/0 root@pluton:~# --------------------------------------------------------------------------------------------------- root@pluton:~# ps axu |grep hip nobody 9261 0.0 0.0 22432 2468 pts/0 S+ 11:57 0:00 hipd root 9290 0.0 0.0 13164 1220 pts/1 S+ 11:57 0:00 hipfw root 9393 0.0 0.0 2972 752 pts/4 R+ 12:03 0:00 grep hip ---------------------------------------------------- root@pluton:~# ps axu|grep dns root 9395 0.0 0.0 2972 760 pts/4 S+ 12:04 0:00 grep dns * **Here is the ocnfiguration on the client:* dpkg -l 'hipl*' Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Installed/Config-f/Unpacked/Failed-cfg/Half-inst/t-aWait/T-pend |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad) ||/ Name Version Description +++-==============-==============-======================================================================================================== ii hipl-agent 1.0.4-42 Graphical user interface for HIP for Linux. Provides user-friendly access control "buddy" lists for HIP. ii hipl-all 1.0.4-42 HIPL software bundle: HIP for Linux libraries, daemons and documentation ii hipl-daemon 1.0.4-42 HIP for Linux IPsec key management and mobility daemon ii hipl-dnsproxy 1.0.4-42 Name look-up proxy for HIP for Linux. Intercepts DNS look-ups and returns HIT or LSIs when corresponding ii hipl-doc 1.0.4-42 documentation for HIP for Linux ii hipl-firewall 1.0.4-42 HIPL multi-purpose firewall daemon. Public-key/HIT-based access control, Local Scope Identifier support, ii hipl-lib 1.0.4-42 HIP for Linux libraries ii hipl-test 1.0.4-42 netcat-like command line tools with built-in HIP support for developers ii hipl-tools 1.0.4-42 Command line tools to control hipd from command line hipconf get ha all Sending user message 22 to HIPD on socket 3 Sent 40 bytes Waiting to receive daemon info. 216 bytes received from HIP daemon HA is I1-SENT Local HIT: 2001:0013:cea1:6bc9:2032:b90b:e96a:2130 Peer HIT: 2001:0010:46cb:2c84:144e:f93c:4133:c357 Local LSI: 1.0.0.1 Peer LSI: 1.0.0.2 Local IP: 2001:0100:0006:5000:0214:6cff:fe53:180a Local NAT traversal UDP port: 0 Peer IP: 2001:0002:0000:0000:0000:0000:0000:0002 Peer NAT traversal UDP port: 0 Peer hostname: ip xfrm state -- no output uname -a Linux apollo3-laptop 2.6.28.10 #2 SMP Fri Jun 19 10:19:59 CEST 2009 i686 GNU/Linux cat /etc/hip/hipd_config # Format of this file is as with hipconf, but without hipconf prefix # add hi default # add all four HITs (see bug id 522) # add map HIT IP # preload some HIT-to-IP mappings to hipd # add service rvs # the host acts as HIP rendezvous (see also /etc/hip/relay_config) # add server rvs [RVS-HIT] <RVS-IP-OR-HOSTNAME> <lifetime-secs> # register to rendezvous server hit-to-ip on # resolve HITs to locators in dynamic DNS zone # hit-to-ip set hit-to-ip.infrahip.net. # resolve HITs to locators in dynamic DNS zone nsupdate on # send dynamic DNS updates # heartbeat 10 # send ICMPv6 messages inside HIP tunnels # add server rvs hiprvs.infrahip.net 50000 # Register to free RVS at infrahip opendht on # turn DHT support on (use /etc/hip/dhtservers to define the used server) # locator on # host sends all of its locators in base exchange # opp normal|advanced|none # transform order 213 # crypto preference order (1=AES, 2=3DES, 3=NULL) nat plain-udp # use UDP capsulation (for NATted environments) debug medium # debug verbosity: all, medium or none cat /etc/selinux/config iptables -L -n Chain INPUT (policy ACCEPT) target prot opt source destination HIPFW-INPUT 0 -- 0.0.0.0/0 0.0.0.0/0 ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0 ACCEPT 139 -- 0.0.0.0/0 0.0.0.0/0 Chain FORWARD (policy ACCEPT) target prot opt source destination HIPFW-FORWARD 0 -- 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCEPT) target prot opt source destination HIPFW-OUTPUT 0 -- 0.0.0.0/0 0.0.0.0/0 ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0 ACCEPT 139 -- 0.0.0.0/0 0.0.0.0/0 Chain HIPFW-FORWARD (1 references) target prot opt source destination QUEUE udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:50500 QUEUE udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:50500 QUEUE esp -- 0.0.0.0/0 0.0.0.0/0 QUEUE 139 -- 0.0.0.0/0 0.0.0.0/0 Chain HIPFW-INPUT (1 references) target prot opt source destination QUEUE udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:50500 QUEUE udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:50500 QUEUE esp -- 0.0.0.0/0 0.0.0.0/0 QUEUE 139 -- 0.0.0.0/0 0.0.0.0/0 Chain HIPFW-OUTPUT (1 references) target prot opt source destination QUEUE udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:50500 QUEUE udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:50500 QUEUE esp -- 0.0.0.0/0 0.0.0.0/0 QUEUE 139 -- 0.0.0.0/0 0.0.0.0/0 ip6tables -L -n Chain INPUT (policy ACCEPT) target prot opt source destination HIPFW-INPUT 0 ::/0 ::/0 ACCEPT tcp ::/0 ::/0 tcp dpt:1111 ACCEPT 0 2001:10::/28 2001:10::/28 ACCEPT tcp ::/0 ::/0 tcp dpt:1111 ACCEPT tcp ::/0 ::/0 tcp spt:1111 Chain FORWARD (policy ACCEPT) target prot opt source destination HIPFW-FORWARD 0 ::/0 ::/0 Chain OUTPUT (policy ACCEPT) target prot opt source destination HIPFW-OUTPUT 0 ::/0 ::/0 ACCEPT 0 2001:10::/28 2001:10::/28 Chain HIPFW-FORWARD (1 references) target prot opt source destination QUEUE udp ::/0 ::/0 udp spt:50500 QUEUE udp ::/0 ::/0 udp dpt:50500 QUEUE esp ::/0 ::/0 QUEUE 139 ::/0 ::/0 Chain HIPFW-INPUT (1 references) target prot opt source destination QUEUE udp ::/0 ::/0 udp spt:50500 QUEUE udp ::/0 ::/0 udp dpt:50500 QUEUE esp ::/0 ::/0 QUEUE 139 ::/0 ::/0 Chain HIPFW-OUTPUT (1 references) target prot opt source destination QUEUE udp ::/0 ::/0 udp spt:50500 QUEUE udp ::/0 ::/0 udp dpt:50500 QUEUE esp ::/0 ::/0 QUEUE 139 ::/0 ::/0 ps axu| grep hip nobody 9232 0.0 0.5 22472 2612 pts/1 S+ 11:55 0:00 hipd root 9263 0.0 0.2 13164 1240 pts/3 S+ 11:55 0:00 hipfw root 9437 0.0 0.1 2972 756 pts/7 S+ 12:06 0:00 grep hip ping ps axu| grep dns root 9439 0.0 0.1 2972 752 pts/7 R+ 12:06 0:00 grep dns * * 2009/6/16 Miika Komu <miika.komu@xxxxxxx> > shashank m wrote: > > Hi, > > you're system is running too old kernel. Please either use userspace ipsec > or upgrade to 2.6.27 or higher. I hope this is now more clear in the manual: > > http://infrahip.hiit.fi/hipl/manual/ch02.html > > Hi , >> >> I have added the tcp port in the ip6 tables and restarted the hifw >> and still have the same problem.I am just pasting all the information of my >> configuration .And i dont have SELINUX enabled in my Ubuntu dist >> >> >> here is the in formation at my server .it always try to connect to dht >> gateway though we provide mapping manually. >> >> please do check this ,Thank s in advance . >> >> >> eth0 Link encap:Ethernet HWaddr 00:1C:23:2F:1D:56 inet >> addr:192.168.12.165 Bcast:192.168.12.255 Mask:255.255.255.0 >> inet6 addr: 2001:2::2/64 Scope:Global >> inet6 addr: fe80::21c:23ff:fe2f:1d56/64 Scope:Link >> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 >> RX packets:1303 errors:0 dropped:0 overruns:0 frame:0 >> TX packets:1074 errors:0 dropped:0 overruns:0 carrier:0 >> collisions:0 txqueuelen:1000 >> RX bytes:597647 (583.6 KB) TX bytes:169937 (165.9 KB) >> Interrupt:17 >> >> >> on the server console >> >> hipconf add map 2001:0013:cea1:6bc9:2032:b90b:e96a:2130 >> 2001:100:6:5000:214:6cff:fe53:180a >> >> we added the mapping of the client's hit and clients IPv6 address >> manually.But I dont know why it always try to connect using the IPv4 address >> to the opendht >> but normally when we try to ping this address it works. >> >> # hipconf get ha all >> Sending user message 22 to HIPD on socket 3 >> Sent 40 bytes >> Waiting to receive daemon info. >> 216 bytes received from HIP daemon >> HA is ESTABLISHED >> Local HIT: 2001:0010:46cb:2c84:144e:f93c:4133:c357 >> Peer HIT: 2001:0013:cea1:6bc9:2032:b90b:e96a:2130 >> Local LSI: 1.0.0.1 >> Peer LSI: 1.0.0.2 >> Local IP: 2001:0002:0000:0000:0000:0000:0000:0002 >> Local NAT traversal UDP port: 0 >> Peer IP: 2001:0100:0006:5000:0214:6cff:fe53:180a >> Peer NAT traversal UDP port: 0 >> Peer hostname: >> >> root@pluton:/etc# ip xfrm state >> src 2001:2::2 dst 2001:100:6:5000:214:6cff:fe53:180a >> proto esp spi 0xe9f6f347 reqid 0 mode beet >> replay-window 0 >> auth hmac(sha1) 0x2bd52bfa74ba4e4618edaff0d44afcd2e9513a3a >> enc cbc(aes) 0x9703989ad6c8d03dd6d983ac05ceaa67 >> sel src 2001:10:46cb:2c84:144e:f93c:4133:c357/128 dst >> 2001:13:cea1:6bc9:2032:b90b:e96a:2130/128 >> src 2001:100:6:5000:214:6cff:fe53:180a dst 2001:2::2 >> proto esp spi 0x3e8555c7 reqid 0 mode beet >> replay-window 0 >> auth hmac(sha1) 0xfb865ed61ac0315c4a832a6b13c71581fdc8f5fd >> enc cbc(aes) 0x180fd0a470d0d093d1ec910c12c8fdea >> sel src 2001:13:cea1:6bc9:2032:b90b:e96a:2130/128 dst >> 2001:10:46cb:2c84:144e:f93c:4133:c357/128 >> >> >> root@pluton:/sbin# cat /etc/hip/hipd_config >> # Format of this file is as with hipconf, but without hipconf prefix >> # add hi default # add all four HITs (see bug id 522) >> # add map HIT IP # preload some HIT-to-IP mappings to hipd >> # add service rvs # the host acts as HIP rendezvous (see also >> /etc/hip/relay_config) >> # add server rvs [RVS-HIT] <RVS-IP-OR-HOSTNAME> <lifetime-secs> # register >> to rendezvous server >> hit-to-ip on # resolve HITs to locators in dynamic DNS zone >> # hit-to-ip set hit-to-ip.infrahip.net <http://hit-to-ip.infrahip.net>. # >> resolve HITs to locators in dynamic DNS zone >> nsupdate on # send dynamic DNS updates >> # heartbeat 10 # send ICMPv6 messages inside HIP tunnels >> # add server rvs hiprvs.infrahip.net <http://hiprvs.infrahip.net> 50000 # >> Register to free RVS at infrahip >> opendht on # turn DHT support on (use /etc/hip/dhtservers to define the >> used server) >> # locator on # host sends all of its locators in base exchange >> # opp normal|advanced|none >> # transform order 213 # crypto preference order (1=AES, 2=3DES, 3=NULL) >> >> nat plain-udp # use UDP capsulation (for NATted environments) >> debug medium # debug verbosity: all, medium or none >> root@pluton:/sbin# uname -a >> Linux pluton 2.6.22-14-generic #1 SMP Tue Feb 12 07:42:25 UTC 2008 i686 >> GNU/Linux >> >> >> root@pluton:/sbin# cat /etc/hip/hipd_config >> # Format of this file is as with hipconf, but without hipconf prefix >> # add hi default # add all four HITs (see bug id 522) >> # add map HIT IP # preload some HIT-to-IP mappings to hipd >> # add service rvs # the host acts as HIP rendezvous (see also >> /etc/hip/relay_config) >> # add server rvs [RVS-HIT] <RVS-IP-OR-HOSTNAME> <lifetime-secs> # register >> to rendezvous server >> hit-to-ip on # resolve HITs to locators in dynamic DNS zone >> # hit-to-ip set hit-to-ip.infrahip.net <http://hit-to-ip.infrahip.net>. # >> resolve HITs to locators in dynamic DNS zone >> nsupdate on # send dynamic DNS updates >> # heartbeat 10 # send ICMPv6 messages inside HIP tunnels >> # add server rvs hiprvs.infrahip.net <http://hiprvs.infrahip.net> 50000 # >> Register to free RVS at infrahip >> opendht on # turn DHT support on (use /etc/hip/dhtservers to define the >> used server) >> # locator on # host sends all of its locators in base exchange >> # opp normal|advanced|none >> # transform order 213 # crypto preference order (1=AES, 2=3DES, 3=NULL) >> >> nat plain-udp # use UDP capsulation (for NATted environments) >> debug medium # debug verbosity: all, medium or none >> >> >> iptables >> >> Chain INPUT (policy ACCEPT) >> target prot opt source destination HIPFW-INPUT 0 >> -- 0.0.0.0/0 <http://0.0.0.0/0> 0.0.0.0/0 < >> http://0.0.0.0/0> >> Chain FORWARD (policy ACCEPT) >> target prot opt source destination HIPFW-FORWARD >> 0 -- 0.0.0.0/0 <http://0.0.0.0/0> 0.0.0.0/0 < >> http://0.0.0.0/0> >> Chain OUTPUT (policy ACCEPT) >> target prot opt source destination HIPFW-OUTPUT >> 0 -- 0.0.0.0/0 <http://0.0.0.0/0> 0.0.0.0/0 < >> http://0.0.0.0/0> >> Chain HIPFW-FORWARD (1 references) >> target prot opt source destination >> Chain HIPFW-INPUT (1 references) >> target prot opt source destination >> Chain HIPFW-OUTPUT (1 references) >> target prot opt source destination QUEUE 0 >> -- 0.0.0.0/0 <http://0.0.0.0/0> 1.0.0.0/8 <http://1.0.0.0/8> >> >> >> >> # ip6tables -L -n >> Chain INPUT (policy ACCEPT) >> target prot opt source destination HIPFW-INPUT 0 >> ::/0 ::/0 ACCEPT tcp ::/0 >> ::/0 tcp dpt:1111 >> >> Chain FORWARD (policy ACCEPT) >> target prot opt source destination HIPFW-FORWARD >> 0 ::/0 ::/0 >> Chain OUTPUT (policy ACCEPT) >> target prot opt source destination HIPFW-OUTPUT >> 0 ::/0 ::/0 >> Chain HIPFW-FORWARD (1 references) >> target prot opt source destination >> Chain HIPFW-INPUT (1 references) >> target prot opt source destination QUEUE 0 >> ::/0 2001:10::/28 >> Chain HIPFW-OUTPUT (1 references) >> target prot opt source destination >> >> >> ps axu |grep hip >> nobody 6531 0.0 0.1 25672 5864 pts/0 S+ Jun15 0:21 hipd >> nobody 6784 0.0 0.0 13344 1096 pts/2 S Jun15 0:00 >> /usr/sbin/hipfw -bklpF >> root 7695 0.0 0.0 2976 768 pts/1 S+ 15:00 0:00 grep hip >> # ps axu |grep dns >> root 7697 0.0 0.0 2972 760 pts/1 R+ 15:00 0:00 grep dns >> >> >> >> On th server console: >> >> info(update.c:3350@hip_build_locators): Created one local type2 locator >> item: : 2001:0002:0000:0000:0000:0000:0000:0002 >> info(debug.c:832@hip_print_locator): LOCATOR from UDP: 192.168.12.165 >> info(debug.c:723@hip_print_locator_addresses): LOCATOR: 192.168.12.165 >> info(input.c:460@hip_receive_control_packet): HIT Sender: >> 2001:0013:cea1:6bc9:2032:b90b:e96a:2130 >> info(input.c:461@hip_receive_control_packet): HIT Receiver: >> 2001:0010:46cb:2c84:144e:f93c:4133:c357 >> info(hadb.c:138@hip_hadb_find_byhits): HIT1: >> 2001:0013:cea1:6bc9:2032:b90b:e96a:2130 >> info(hadb.c:139@hip_hadb_find_byhits): HIT2: >> 2001:0010:46cb:2c84:144e:f93c:4133:c357 >> info(output.c:970@hip_xmit_r1): hip_xmit_r1(): ripkt->hitr: >> 2001:0013:cea1:6bc9:2032:b90b:e96a:2130 >> info(input.c:460@hip_receive_control_packet): HIT Sender: >> 2001:0013:cea1:6bc9:2032:b90b:e96a:2130 >> info(input.c:461@hip_receive_control_packet): HIT Receiver: >> 2001:0010:46cb:2c84:144e:f93c:4133:c357 >> info(hadb.c:138@hip_hadb_find_byhits): HIT1: >> 2001:0013:cea1:6bc9:2032:b90b:e96a:2130 >> info(hadb.c:139@hip_hadb_find_byhits): HIT2: >> 2001:0010:46cb:2c84:144e:f93c:4133:c357 >> info(input.c:1669@hip_handle_i2): i2_saddr: >> 2001:0100:0006:5000:0214:6cff:fe53:180a >> info(input.c:1670@hip_handle_i2): i2_daddr: >> 2001:0002:0000:0000:0000:0000:0000:0002 >> info(hadb.c:2248@hip_init_peer): peer's hit: >> 2001:0013:cea1:6bc9:2032:b90b:e96a:2130 >> info(hadb.c:2249@hip_init_peer): entry's hit: >> 2001:0013:cea1:6bc9:2032:b90b:e96a:2130 >> info(xfrmapi.c:513@hip_add_sa): src_hit: >> 2001:0013:cea1:6bc9:2032:b90b:e96a:2130 >> info(xfrmapi.c:514@hip_add_sa): dst_hit: >> 2001:0010:46cb:2c84:144e:f93c:4133:c357 >> info(xfrmapi.c:513@hip_add_sa): src_hit: >> 2001:0010:46cb:2c84:144e:f93c:4133:c357 >> info(xfrmapi.c:514@hip_add_sa): dst_hit: >> 2001:0013:cea1:6bc9:2032:b90b:e96a:2130 >> error(update.c:3074@hip_handle_locator_parameter): No locator to handle >> error(libhipopendht.c:313@opendht_send): Error opendht_send: No route to >> host >> error(libhipopendht.c:313@opendht_send): Error opendht_send: No route to >> host >> info(update.c:3254@hip_build_locators): Created one locator item: : >> 2001:0002:0000:0000:0000:0000:0000:0002 >> info(update.c:3275@hip_build_locators): Created one locator item: : >> 192.168.12.165 >> info(update.c:3289@hip_build_locators): Looking for reflexive, prefered >> addres: : 2001:0100:0006:5000:0214:6cff:fe53:180a >> info(update.c:3291@hip_build_locators): Looking for reflexive, local >> addres: : 2001:0002:0000:0000:0000:0000:0000:0002 >> info(update.c:3295@hip_build_locators): Looking for reflexive addr: : >> 0000:0000:0000:0000:0000:0000:0000:0000 >> info(update.c:3350@hip_build_locators): Created one local type2 locator >> item: : 2001:0002:0000:0000:0000:0000:0000:0002 >> info(debug.c:832@hip_print_locator): LOCATOR from UDP: 192.168.12.165 >> info(debug.c:723@hip_print_locator_addresses): LOCATOR: 192.168.12.165 >> info(update.c:3254@hip_build_locators): Created one locator item: : >> 2001:0002:0000:0000:0000:0000:0000:0002 >> info(update.c:3275@hip_build_locators): Created one locator item: : >> 192.168.12.165 >> info(update.c:3289@hip_build_locators): Looking for reflexive, prefered >> addres: : 2001:0100:0006:5000:0214:6cff:fe53:180a >> info(update.c:3291@hip_build_locators): Looking for reflexive, local >> addres: : 2001:0002:0000:0000:0000:0000:0000:0002 >> info(update.c:3295@hip_build_locators): Looking for reflexive addr: : >> 0000:0000:0000:0000:0000:0000:0000:0000 >> info(update.c:3350@hip_build_locators): Created one local type2 locator >> item: : 2001:0002:0000:0000:0000:0000:0000:0002 >> info(debug.c:832@hip_print_locator): LOCATOR from UDP: 192.168.12.165 >> info(debug.c:723@hip_print_locator_addresses): LOCATOR: 192.168.12.165 >> error(libhipopendht.c:313@opendht_send): Error opendht_send: No route to >> host >> error(libhipopendht.c:313@opendht_send): Error opendht_send: No route to >> host >> info(update.c:3254@hip_build_locators): Created one locator item: : >> 2001:0002:0000:0000:0000:0000:0000:0002 >> info(update.c:3275@hip_build_locators): Created one locator item: : >> 192.168.12.165 >> info(update.c:3289@hip_build_locators): Looking for reflexive, prefered >> addres: : 2001:0100:0006:5000:0214:6cff:fe53:180a >> info(update.c:3291@hip_build_locators): Looking for reflexive, local >> addres: : 2001:0002:0000:0000:0000:0000:0000:0002 >> info(update.c:3295@hip_build_locators): Looking for reflexive addr: : >> 0000:0000:0000:0000:0000:0000:0000:0000 >> info(update.c:3350@hip_build_locators): Created one local type2 locator >> item: : 2001:0002:0000:0000:0000:0000:0000:0002 >> info(debug.c:832@hip_print_locator): LOCATOR from UDP: 192.168.12.165 >> info(debug.c:723@hip_print_locator_addresses): LOCATOR: 192.168.12.165 >> error(libhipopendht.c:313@opendht_send): Error opendht_send: No route to >> host >> error(libhipopendht.c:313@opendht_send): Error opendht_send: No route to >> host >> info(update.c:3254@hip_build_locators): Created one locator item: : >> 2001:0002:0000:0000:0000:0000:0000:0002 >> info(update.c:3275@hip_build_locators): Created one locator item: : >> 192.168.12.165 >> info(update.c:3289@hip_build_locators): Looking for reflexive, prefered >> addres: : 2001:0100:0006:5000:0214:6cff:fe53:180a >> info(update.c:3291@hip_build_locators): Looking for reflexive, local >> addres: : 2001:0002:0000:0000:0000:0000:0000:0002 >> info(update.c:3295@hip_build_locators): Looking for reflexive addr: : >> 0000:0000:0000:0000:0000:0000:0000:0000 >> info(update.c:3350@hip_build_locators): Created one local type2 locator >> item: : 2001:0002:0000:0000:0000:0000:0000:0002 >> info(debug.c:832@hip_print_locator): LOCATOR from UDP: 192.168.12.165 >> info(debug.c:723@hip_print_locator_addresses): LOCATOR: 192.168.12.165 >> info(update.c:3254@hip_build_locators): Created one locator item: : >> 2001:0002:0000:0000:0000:0000:0000:0002 >> info(update.c:3275@hip_build_locators): Created one locator item: : >> 192.168.12.165 >> info(update.c:3289@hip_build_locators): Looking for reflexive, prefered >> addres: : 2001:0100:0006:5000:0214:6cff:fe53:180a >> info(update.c:3291@hip_build_locators): Looking for reflexive, local >> addres: : 2001:0002:0000:0000:0000:0000:0000:0002 >> info(update.c:3295@hip_build_locators): Looking for reflexive addr: : >> 0000:0000:0000:0000:0000:0000:0000:0000 >> info(update.c:3350@hip_build_locators): Created one local type2 locator >> item: : 2001:0002:0000:0000:0000:0000:0000:0002 >> info(debug.c:832@hip_print_locator): LOCATOR from UDP: 192.168.12.165 >> info(debug.c:723@hip_print_locator_addresses): LOCATOR: 192.168.12.165 >> error(libhipopendht.c:313@opendht_send): Error opendht_send: No route to >> host >> error(libhipopendht.c:313@opendht_send): Error opendht_send: No route to >> host >> info(update.c:3254@hip_build_locators): Created one locator item: : >> 2001:0002:0000:0000:0000:0000:0000:0002 >> info(update.c:3275@hip_build_locators): Created one locator item: : >> 192.168.12.165 >> info(update.c:3289@hip_build_locators): Looking for reflexive, prefered >> addres: : 2001:0100:0006:5000:0214:6cff:fe53:180a >> info(update.c:3291@hip_build_locators): Looking for reflexive, local >> addres: : 2001:0002:0000:0000:0000:0000:0000:0002 >> info(update.c:3295@hip_build_locators): Looking for reflexive addr: : >> 0000:0000:0000:0000:0000:0000:0000:0000 >> info(update.c:3350@hip_build_locators): Created one local type2 locator >> item: : 2001:0002:0000:0000:0000:0000:0000:0002 >> info(debug.c:832@hip_print_locator): LOCATOR from UDP: 192.168.12.165 >> info(debug.c:723@hip_print_locator_addresses): LOCATOR: 192.168.12.165 >> error(libhipopendht.c:313@opendht_send): Error opendht_send: No route to >> host >> error(libhipopendht.c:313@opendht_send): Error opendht_send: No route to >> host >> >> >> >> >> 2009/6/8 Miika Komu <miika.komu@xxxxxxx <mailto:miika.komu@xxxxxxx>> >> >> >> Adrian Alvarez wrote: >> >> Hi, >> >> run "/etc/init.d/hipfw restart" on both sides and please try again. >> It appears that you have the queue rules in place but no hipfw >> running (crashed?). This causes ESP packets to be "stuck". Hope this >> helps... >> >> hello again, >> >> >> I tried adding tcp port 1111 to ip6tqbles and we are still >> unable to transfer data. Here is the information of the system >> at the time of the issue: >> >> Responder information: >> >> SAs >> Sending user message 22 to HIPD on socket 3 >> Sent 40 bytes >> Waiting to receive daemon info. >> 216 bytes received from HIP daemon >> HA is ESTABLISHED >> Local HIT: 2001:0018:ea59:a472:459f:ec45: >> 0cdc:7113 >> Peer HIT: 2001:001a:c2da:a601:1cfd:e9dd:5719:37dc >> Local LSI: 1.0.0.1 >> Peer LSI: 1.0.0.2 >> Local IP: 3ffe:0000:0000:0000:0000:0000:0000:0002 >> Local NAT traversal UDP port: 0 >> Peer IP: 3ffe:0000:0000:0000:0000:0000:0000:0004 >> Peer NAT traversal UDP port: 0 >> Peer hostname: >> >> ip xfrm >> src 3ffe::2 dst 3ffe::4 >> proto esp spi 0x70e176a1 reqid 0 mode beet >> replay-window 0 >> auth hmac(sha1) 0xbd7c623ba16ee3b08c0cfd0619d0f003940d4cec >> enc cbc(aes) 0x82cc95e7d55624bb2dca3ae8302a6fc4 >> sel src 2001:18:ea59:a472:459f:ec45:cdc:7113/128 dst >> 2001:1a:c2da:a601:1cfd:e9dd:5719:37dc/128 >> src 3ffe::4 dst 3ffe::2 >> proto esp spi 0xdfcd7423 reqid 0 mode beet >> replay-window 0 >> auth hmac(sha1) 0x01db34f498c91be1ad6aa858dd765f484d69fc52 >> enc cbc(aes) 0x10a036d9e3558f9dbc1ff00e4e0f28e5 >> sel src 2001:1a:c2da:a601:1cfd:e9dd:5719:37dc/128 dst >> 2001:18:ea59:a472:459f:ec45:cdc:7113/128 >> >> uname >> Linux vault101 2.6.28-11-generic #42-Ubuntu SMP Fri Apr 17 >> 01:57:59 UTC 2009 i686 GNU/Linux >> >> hipd_config >> >> # Format of this file is as with hipconf, but without hipconf >> prefix >> # add hi default # add all four HITs (see bug id 522) >> # add map HIT IP # preload some HIT-to-IP mappings to hipd >> # add service rvs # the host acts as HIP rendezvous (see also >> /etc/hip/relay_config) >> # add server rvs [RVS-HIT] <RVS-IP-OR-HOSTNAME> <lifetime-secs> >> # register to rendezvous server >> hit-to-ip on # resolve HITs to locators in dynamic DNS zone >> # hit-to-ip set hit-to-ip.infrahip.net >> <http://hit-to-ip.infrahip.net> >> <http://hit-to-ip.infrahip.net/>. # resolve HITs to locators in >> dynamic DNS zone >> >> nsupdate off # send dynamic DNS updates >> # heartbeat 10 # send ICMPv6 messages inside HIP tunnels >> # add server rvs hiprvs.infrahip.net >> <http://hiprvs.infrahip.net> <http://hiprvs.infrahip.net/> 50000 >> # Register to free RVS at infrahip >> >> opendht off # turn DHT support on (use /etc/hip/dhtservers to >> define the used server) >> # locator on # host sends all of its locators in base >> exchange >> # opp normal|advanced|none >> # transform order 213 # crypto preference order (1=AES, 2=3DES, >> 3=NULL) >> >> #nat plain-udp # use UDP capsulation (for NATted >> environments) >> debug medium # debug verbosity: all, medium or none >> >> >> iptables >> >> Chain INPUT (policy ACCEPT) >> target prot opt source destination >> HIPFW-INPUT all -- 0.0.0.0/0 <http://0.0.0.0/0> >> <http://0.0.0.0/0> 0.0.0.0/0 <http://0.0.0.0/0> >> <http://0.0.0.0/0> Chain FORWARD (policy ACCEPT) >> target prot opt source destination >> HIPFW-FORWARD all -- 0.0.0.0/0 <http://0.0.0.0/0> >> <http://0.0.0.0/0> 0.0.0.0/0 <http://0.0.0.0/0> >> <http://0.0.0.0/0> Chain OUTPUT (policy ACCEPT) >> target prot opt source destination >> HIPFW-OUTPUT all -- 0.0.0.0/0 <http://0.0.0.0/0> >> <http://0.0.0.0/0> 0.0.0.0/0 <http://0.0.0.0/0> >> <http://0.0.0.0/0> Chain HIPFW-FORWARD (1 >> references) >> target prot opt source destination >> Chain HIPFW-INPUT (1 references) >> target prot opt source destination >> Chain HIPFW-OUTPUT (1 references) >> target prot opt source destination >> QUEUE all -- 0.0.0.0/0 <http://0.0.0.0/0> >> <http://0.0.0.0/0> 1.0.0.0/8 <http://1.0.0.0/8> >> <http://1.0.0.0/8> >> >> >> >> ip6tables >> >> Chain INPUT (policy ACCEPT) >> target prot opt source destination >> HIPFW-INPUT all ::/0 ::/0 >> Chain FORWARD (policy ACCEPT) >> target prot opt source destination >> HIPFW-FORWARD all ::/0 ::/0 >> Chain OUTPUT (policy ACCEPT) >> target prot opt source destination >> HIPFW-OUTPUT all ::/0 ::/0 >> Chain HIPFW-FORWARD (1 references) >> target prot opt source destination >> Chain HIPFW-INPUT (1 references) >> target prot opt source destination >> QUEUE all ::/0 2001:10::/28 >> ps aux|grep hip >> nobody 3615 0.0 0.0 14668 2504 pts/0 S+ 11:30 0:00 >> hipd >> root 4916 0.0 0.0 3336 788 pts/3 R+ 11:43 0:00 >> grep hip >> >> ps aux|grep dns >> root 4918 0.0 0.0 3336 788 pts/3 R+ 11:43 0:00 >> grep dns >> >> >> Initiator's info >> >> >> Sending user message 22 to HIPD on socket 3 >> Sent 40 bytes >> Waiting to receive daemon info. >> 216 bytes received from HIP daemon >> HA is ESTABLISHED >> Local HIT: 2001:001a:c2da:a601:1cfd:e9dd:5719:37dc >> Peer HIT: 2001:0018:ea59:a472:459f:ec45:0cdc:7113 >> Local LSI: 1.0.0.1 >> Peer LSI: 1.0.0.2 >> Local IP: 3ffe:0000:0000:0000:0000:0000:0000:0004 >> Local NAT traversal UDP port: 0 >> Peer IP: 3ffe:0000:0000:0000:0000:0000:0000:0002 >> Peer NAT traversal UDP port: 0 >> Peer hostname: vault101 >> >> >> src 3ffe::4 dst 3ffe::2 >> proto esp spi 0xdfcd7423 reqid 0 mode beet >> replay-window 0 >> auth hmac(sha1) 0x01db34f498c91be1ad6aa858dd765f484d69fc52 >> enc cbc(aes) 0x10a036d9e3558f9dbc1ff00e4e0f28e5 >> sel src 2001:1a:c2da:a601:1cfd:e9dd:5719:37dc/128 dst >> 2001:18:ea59:a472:459f:ec45:cdc:7113/128 >> src 3ffe::2 dst 3ffe::4 >> proto esp spi 0x70e176a1 reqid 0 mode beet >> replay-window 0 >> auth hmac(sha1) 0xbd7c623ba16ee3b08c0cfd0619d0f003940d4cec >> enc cbc(aes) 0x82cc95e7d55624bb2dca3ae8302a6fc4 >> sel src 2001:18:ea59:a472:459f:ec45:cdc:7113/128 dst >> 2001:1a:c2da:a601:1cfd:e9dd:5719:37dc/128 >> >> >> >> >> Linux vault113 2.6.28-11-generic #42-Ubuntu SMP Fri Apr 17 >> 01:57:59 UTC 2009 i686 GNU/Linux >> >> >> >> # Format of this file is as with hipconf, but without hipconf >> prefix >> # add hi default # add all four HITs (see bug id 522) >> # add map HIT IP # preload some HIT-to-IP mappings to hipd >> # add service rvs # the host acts as HIP rendezvous (see also >> /etc/hip/relay_config) >> # add server rvs [RVS-HIT] <RVS-IP-OR-HOSTNAME> <lifetime-secs> >> # register to rendezvous server >> hit-to-ip on # resolve HITs to locators in dynamic DNS zone >> # hit-to-ip set hit-to-ip.infrahip.net >> <http://hit-to-ip.infrahip.net> <http://hit-to-ip.infrahip.net>. >> # resolve HITs to locators in dynamic DNS zone >> >> nsupdate on # send dynamic DNS updates >> # heartbeat 10 # send ICMPv6 messages inside HIP tunnels >> # add server rvs hiprvs.infrahip.net >> <http://hiprvs.infrahip.net> <http://hiprvs.infrahip.net> 50000 >> # Register to free RVS at infrahip >> >> opendht on # turn DHT support on (use /etc/hip/dhtservers to >> define the used server) >> # locator on # host sends all of its locators in base >> exchange >> # opp normal|advanced|none >> # transform order 213 # crypto preference order (1=AES, 2=3DES, >> 3=NULL) >> >> nat plain-udp # use UDP capsulation (for NATted environments) >> debug medium # debug verbosity: all, medium or none >> >> >> >> iptable >> Chain INPUT (policy ACCEPT) >> target prot opt source destination >> HIPFW-INPUT all -- 0.0.0.0/0 <http://0.0.0.0/0> >> <http://0.0.0.0/0> 0.0.0.0/0 <http://0.0.0.0/0> >> <http://0.0.0.0/0> ACCEPT tcp -- 0.0.0.0/0 >> <http://0.0.0.0/0> <http://0.0.0.0/0> 0.0.0.0/0 >> <http://0.0.0.0/0> <http://0.0.0.0/0> tcp dpt:1111 >> >> Chain FORWARD (policy ACCEPT) >> target prot opt source destination >> HIPFW-FORWARD all -- 0.0.0.0/0 <http://0.0.0.0/0> >> <http://0.0.0.0/0> 0.0.0.0/0 <http://0.0.0.0/0> >> <http://0.0.0.0/0> Chain OUTPUT (policy ACCEPT) >> target prot opt source destination >> HIPFW-OUTPUT all -- 0.0.0.0/0 <http://0.0.0.0/0> >> <http://0.0.0.0/0> 0.0.0.0/0 <http://0.0.0.0/0> >> <http://0.0.0.0/0> >> Chain HIPFW-FORWARD (1 references) >> target prot opt source destination >> Chain HIPFW-INPUT (1 references) >> target prot opt source destination >> Chain HIPFW-OUTPUT (1 references) >> target prot opt source destination >> QUEUE all -- 0.0.0.0/0 <http://0.0.0.0/0> >> <http://0.0.0.0/0> 1.0.0.0/8 <http://1.0.0.0/8> >> <http://1.0.0.0/8> >> >> >> >> ip6table >> Chain INPUT (policy ACCEPT) >> target prot opt source destination >> HIPFW-INPUT all ::/0 ::/0 ACCEPT >> tcp ::/0 ::/0 tcp >> dpt:1111 >> >> Chain FORWARD (policy ACCEPT) >> target prot opt source destination >> HIPFW-FORWARD all ::/0 ::/0 Chain >> OUTPUT (policy ACCEPT) >> target prot opt source destination >> HIPFW-OUTPUT all ::/0 ::/0 Chain >> HIPFW-FORWARD (1 references) >> target prot opt source destination >> Chain HIPFW-INPUT (1 references) >> target prot opt source destination >> QUEUE all ::/0 2001:10::/28 Chain >> HIPFW-OUTPUT (1 references) >> target prot opt source destination >> nobody 13663 0.0 0.0 14792 2792 pts/0 S+ 11:36 0:00 >> hipd >> root 14735 0.0 0.0 3336 788 pts/2 R+ 11:52 0:00 >> grep hip >> >> >> >> root 14737 0.0 0.0 3336 792 pts/2 R+ 11:52 0:00 >> grep dns >> >> >> thanks, >> >> >> Adrian >> >> >> >> >> >> On Mon, Jun 8, 2009 at 10:09 AM, Miika Komu <miika.komu@xxxxxxx >> <mailto:miika.komu@xxxxxxx> <mailto:miika.komu@xxxxxxx >> >> <mailto:miika.komu@xxxxxxx>>> wrote: >> >> Adrian Alvarez wrote: >> >> Hi, >> >> I got connection refused, but after allowing tcp port 1111 in >> iptables/ip6tables it started working. >> >> I added some bug reporting instructions to bugzilla. Please >> give all >> information for us to try to reproduce the problem: >> >> http://infrahip.hiit.fi/hipl/manual/ch08.html >> >> Are you running kernel version >= 2.6.27? >> >> Hi all, >> We are having some problems trying establish communications >> between two hosts using hip. We have followed the >> instruction of >> the manual very closely, however, it is impossible to >> transfer >> some date from one host to another using hip. >> >> We are using wireshark to monitor the exchange, and we >> were able >> to observe the following: >> >> 1) HIP base exchange between the two hosts is completed. >> 2) TCP data transfer via HIP is not realized. >> 3) The initiator node sends a TCP SYN with the HIT info, >> but the >> responder node fails to send an ACK back. >> >> This seems similar to Shashank's issue. >> Any light on this matter would be useful. >> >> Thank you all. >> Adrian. >> >> On Sun, Jun 7, 2009 at 3:56 PM, shashank m >> <shashanm@xxxxxxxxx <mailto:shashanm@xxxxxxxxx> >> <mailto:shashanm@xxxxxxxxx <mailto:shashanm@xxxxxxxxx>> >> <mailto:shashanm@xxxxxxxxx <mailto:shashanm@xxxxxxxxx> >> >> <mailto:shashanm@xxxxxxxxx <mailto:shashanm@xxxxxxxxx>>>> >> >> wrote: >> >> Hello, >> I was trying to connect two systems >> locally using hip with an >> IPV6 application given in the >> manual.*Conntest-client* and >> *conntest-server*.I have disabled opendht support >> as I have >> given the mapping between the HIT s and Ipv6 >> addresses >> manually >> using *hipconf*. >> >> >> after executing "Conntest-client-hip [HIT_server] >> tcp 1111" >> >> it prints the mapping with the hit and IPV6 >> address of the >> server and the base exchange happens but the >> messages are not >> transmitted to the server .I think that the >> mapping is not >> working properly in the code .Please do solve the >> problem >> >> >> in the client console i often see this messsae >> >> >> """------State established not triggering >> bex--------" this >> message comes repeatedly .I think this is only >> because of the >> mapping problem .Correct me if I am wrong. >> >> >> >> Thanks in advance, >> >> Regards, >> Shashank.M. >> >> >> >> >> >> >> >> >> >> >> Regards, >> Shashank.M. >> > > > Regards, Shashank.M.