[hipl-users] Re: Problems with RVS
- From: Paola Venuso <pa.venuso@xxxxxxxxx>
- To: hipl-users@xxxxxxxxxxxxx
- Date: Mon, 14 Oct 2013 16:09:17 +0200
Sorry, HIP over IPv6 didn't work.
Il giorno 14/ott/2013 16:04, "Miika Komu" <mkomu@xxxxxxxxx> ha scritto:
> Hi Paola,
>
> what didn't work? Directly IPv6 or HIP-over-IPv6?
>
> On 10/14/2013 04:58 PM, Paola Venuso wrote:
>
>> Hi Miika,
>>
>> Yes, I did. But it didn't work.
>>
>> Il giorno 14/ott/2013 15:40, "Miika Komu" <mkomu@xxxxxxxxx
>> <mailto:mkomu@xxxxxxxxx>> ha scritto:
>>
>> Hi Paola,
>>
>> it seems that you got HIP working with IPv4 locators. Did you try
>> with two locally configured IPv6 locators (3ffe::x/64)?
>>
>> On 10/14/2013 02:13 PM, Paola Venuso wrote:
>>
>> Hi Miika,
>>
>> I checked and I think my site firewall isn't blocking Teredo
>> traffic.
>> Anyway this is the output:
>>
>> paola@ubuntu:~$ dig -t aaaa www.google.com
>> <http://www.google.com> <http://www.google.com>
>>
>> ; <<>> DiG 9.8.1-P1 <<>> -t aaaa www.google.com
>> <http://www.google.com> <http://www.google.com>
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27694
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0,
>> ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;www.google.com <http://www.google.com> <http://www.google.com>.
>> IN AAAA
>>
>> ;; ANSWER SECTION:
>> www.google.com <http://www.google.com> <http://www.google.com>.
>> 300 IN AAAA
>> 2a00:1450:4002:804::1010
>>
>> ;; Query time: 165 msec
>> ;; SERVER: 127.0.0.53#53(127.0.0.53)
>> ;; WHEN: Mon Oct 14 03:22:40 2013
>> ;; MSG SIZE rcvd: 60
>>
>>
>> paola@ubuntu:~$ ping6 2a00:1450:4010:c04::68
>> PING 2a00:1450:4010:c04::68(2a00:__**1450:4010:c04::68) 56 data
>> bytes
>> 64 bytes from 2a00:1450:4010:c04::68: icmp_seq=1 ttl=55 time=371
>> ms
>> 64 bytes from 2a00:1450:4010:c04::68: icmp_seq=2 ttl=55 time=110
>> ms
>> 64 bytes from 2a00:1450:4010:c04::68: icmp_seq=3 ttl=55 time=110
>> ms
>> ^C
>> --- 2a00:1450:4010:c04::68 ping statistics ---
>> 3 packets transmitted, 3 received, 0% packet loss, time 2004ms
>> rtt min/avg/max/mdev = 110.529/197.440/371.075/122.__**778 ms
>>
>>
>>
>> paola@ubuntu:~$ ip route get 2a00:1450:4010:c04::68
>> 2a00:1450:4010:c04::68 from :: via 2a00:1450:4010:c04::68 dev
>> teredo
>> src 2001:0:53aa:64c:2cb6:3c14:__**4367:467f metric 0
>> cache
>>
>>
>> I also tried with your test machine:
>>
>> paola@ubuntu:~$ ping6 2001:0:53aa:64c:3026:52b2:__**ad4a:8b91
>> PING
>> 2001:0:53aa:64c:3026:52b2:__**ad4a:8b91(2001:0:53aa:64c:__**
>> 3026:52b2:ad4a:8b91)
>> 56 data bytes
>> 64 bytes from 2001:0:53aa:64c:3026:52b2:__**ad4a:8b91: icmp_seq=1
>> ttl=64
>> time=243 ms
>> 64 bytes from 2001:0:53aa:64c:3026:52b2:__**ad4a:8b91: icmp_seq=2
>> ttl=64
>> time=112 ms
>> ^C
>> --- 2001:0:53aa:64c:3026:52b2:__**ad4a:8b91 ping statistics ---
>> 2 packets transmitted, 2 received, 0% packet loss, time 1000ms
>> rtt min/avg/max/mdev = 112.229/177.819/243.410/65.591 ms
>>
>>
>>
>>
>> Then I tried in my network:
>>
>> - with eth0 I got only I1 packet
>> - with Teredo I got "destination unreachable" error
>>
>> And when I stopped ping6 there was 100% of packet loss. I also
>> tried to
>> edit manually the hosts files with different configuration but
>> the same
>> happened.
>>
>> Thanks,
>>
>> Paola
>>
>>
>>
>> 2013/10/12 Miika Komu <mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>>
>>
>> Hi Paola,
>>
>> initially, Teredo traffic is forwarded through a Teredo
>> server to
>> guaranteee NAT traversal and then miredo software tries to
>> pinhole
>> the NAT. My guess is that your *site* firewall is blocking
>> the
>> inital messages with the Teredo server. You can double
>> check this as
>> follows:
>>
>> mkomu@bling:~$ dig -t aaaa www.google.com
>> <http://www.google.com> <http://www.google.com>
>>
>> ; <<>> DiG 9.8.1-P1 <<>> -t aaaa www.google.com
>> <http://www.google.com> <http://www.google.com>
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12399
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0,
>> ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;www.google.com <http://www.google.com>
>> <http://www.google.com>. IN
>> AAAA
>>
>> ;; ANSWER SECTION:
>> www.google.com <http://www.google.com> <http://www.google.com>.
>> 214 IN AAAA
>> 2a00:1450:4010:c03::93
>>
>> ;; Query time: 333 msec
>> ;; SERVER: 193.229.0.40#53(193.229.0.40)
>> ;; WHEN: Sat Oct 12 14:20:35 2013
>> ;; MSG SIZE rcvd: 60
>>
>> mkomu@bling:~$ ping6 2a00:1450:4010:c04::68
>> PING 2a00:1450:4010:c04::68(2a00:__**__1450:4010:c04::68) 56
>> data bytes
>> 64 bytes from 2a00:1450:4010:c04::68: icmp_seq=1 ttl=55
>> time=1363 ms
>> 64 bytes from 2a00:1450:4010:c04::68: icmp_seq=2 ttl=55
>> time=441 ms
>> ^C
>> --- 2a00:1450:4010:c04::68 ping statistics ---
>> 2 packets transmitted, 2 received, 0% packet loss, time
>> 1000ms
>> rtt min/avg/max/mdev = 441.913/902.595/1363.277/460._**
>> ___682
>> ms, pipe 2
>> mkomu@bling:~$ ip route get 2a00:1450:4010:c04::68
>> 2a00:1450:4010:c04::68 from :: via 2a00:1450:4010:c04::68
>> dev teredo
>> src 2001:0:53aa:64c:473:6a2c:ab19:**____60e3 metric 0
>>
>> If this does not work for you, it probably means that the
>> firewall
>> your site is blocking Teredo. You can contact your site
>> administrator to open the UDP port 3544.
>>
>> You can also try the
>> 2001:0:53aa:64c:3026:52b2:____**ad4a:8b91 (my test
>> machine) which is actually behind a real NAT unlike the
>> google
>> server. If you can reach google server, but not mine, it
>> most likely
>> means that either of us is using a p2p-incompatible NAT.
>>
>> You can also try e.g. 3ffe::x/64 address space for local
>> experiments
>> in your local LAN (or WLAN). Just configure it to the eth0
>> (or other
>> device) for two machines and try pinging each other.
>>
>>
>> On 10/11/2013 09:03 PM, Paola Venuso wrote:
>>
>> Hi Miika,
>>
>> I uncommented the line "Bindport 3545" in file
>> miredo.conf as I
>> read on
>> the man page of miredo and checked ufw files for rules
>> blocking IPv6
>> traffic (I uncommented two about forwarding, the others
>> about
>> enabling
>> this traffic were already uncommented). Then I tried
>> ping6 the
>> locators
>> and I got the message: unknown host.
>> Also I tried manual set up with IPv4-based locators, as
>> you
>> wrote me,
>> and my host exchanged HIP UPDATE and I1, R1, I2, R2
>> packets with
>> another
>> host, with address193.167.187.149, that I don't know
>> but I guess
>> maybe
>> it's one of infrahip servers.
>> Anyway, I am not sure I checked correctly for rules
>> about IPv6
>> traffic.
>> What should I do about this? Could all this problems be
>> connected also
>> with virtual machine net configuration? It is NAT by
>> default,
>> but there
>> are some other options.
>>
>> Thanks for all the help you're giving to me.
>>
>> Paola
>>
>>
>> 2013/10/11 Miika Komu <mkomu@xxxxxxxxx
>> <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx
>> <mailto:mkomu@xxxxxxxxx>>
>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>>>
>>
>>
>> Hi Paola,
>>
>> it seems your installation is fine. Base on my own
>> experiences, I
>> think that a middlebox (firewall) is blocking your
>> IPv6
>> traffic (in
>> the case of Teredo it's UDP port 3544). Did you try
>> to
>> ping6 the
>> routable addresses (locators)?
>>
>> I also recommend trying a manual set up with
>> IPv4-based
>> locators as
>> follows:
>>
>> hipconf daemon rst all
>> hipconf daemon add map PEER_HIT PEER_IPV4_ADDRESS
>> ping6 PEER_HIT
>>
>>
>> On 10/10/2013 12:42 AM, Paola Venuso wrote:
>>
>> Hi Miika,
>>
>> hipd is running at the responder, the firewall
>> is not
>> blocking HIP
>> traffic and I don't use redhat-based distro.
>> This is the output of the commands from the
>> manual:
>>
>> paola@ubuntu:~$ dpkg -l 'hipl*'
>> Desired=Unknown/Install/______**
>> Remove/Purge/Hold
>> |
>>
>>
>> Status=Not/Inst/Conf-files/___**___Unpacked/halF-conf/Half-**
>> inst/______trig-aWait/Trig-**pend
>>
>> |/ Err?=(none)/Reinst-required (Status,Err:
>> uppercase=bad)
>> ||/ Nome Versione Descrizione
>>
>>
>> +++-==============-===========**______===-====================**
>> ==__==__==__==================
>>
>> ii hipl-all 1.0.8-6429 HIP for
>> Linux full
>> software bundle
>> ii hipl-daemon 1.0.8-6429 HIP for
>> Linux IPsec key
>> management and
>> mobil
>> ii hipl-dnsproxy 1.0.8-6429 HIP for
>> Linux name
>> lookup proxy
>> ii hipl-doc 1.0.8-6429 HIP for Linux
>> documentation
>> ii hipl-firewall 1.0.8-6429 HIP for Linux
>> multi-purpose
>> firewall
>> daemon
>> un hipl-minimal <nessuna> (nessuna
>> descrizione
>> disponibile)
>> un hipl-tools <nessuna> (nessuna
>> descrizione
>> disponibile)
>> paola@ubuntu:~$ hipconf daemon get ha all
>> Sending user message 22 to HIPD on socket 3
>> Sent 40 bytes
>> Waiting to receive daemon info.
>> 240 bytes received from HIP daemon.
>> HA is I1-SENT
>> Shotgun mode is off.
>> Broadcast mode is off.
>> Local HIT:
>> 2001:0012:421d:99a0:005d:d60f:**______73b0:4407
>> Peer HIT:
>> 2001:001a:2a72:f01c:d98e:311c:**______c76a:57c4
>>
>> Local LSI: 1.0.0.1
>> Peer LSI: 1.0.0.2
>> Local IP:
>> 2001:0000:53aa:064c:2cde:3e12:**______4367:467f
>>
>> Local NAT traversal UDP port: 10500
>> Peer IP:
>> 2001:0708:0140:0220:0000:0000:**______0000:0016
>>
>> Peer NAT traversal UDP port: 10500
>> Peer hostname:
>>
>>
>>
>> ------------------------------**______------------------------**
>> --__--__--__------------------**----__----__----__------------**
>> ------__------__------
>>
>>
>> paola@ubuntu:~$ uname -a
>> Linux ubuntu 3.5.0-41-generic
>> #64~precise1-Ubuntu SMP
>> Thu Sep 12
>> 17:01:55 UTC 2013 i686 i686 i386 GNU/Linux
>> paola@ubuntu:~$ lsb_release -a
>> No LSB modules are available.
>> Distributor ID: Ubuntu
>> Description: Ubuntu 12.04.3 LTS
>> Release: 12.04
>> Codename: precise
>>
>>
>>
>> ------------------------------**______------------------------**
>> --__--__--__------------------**----__----__----__------------**
>> ------__------__------
>>
>>
>> paola@ubuntu:~$ cat /etc/hip/hipd.conf
>> # Format of this file is as with hipconf, but
>> without
>> "hipconf
>> daemon"
>> prefix
>> # add hi default # add all four HITs (see
>> bug id 592127)
>> # add map HIT IP # preload some HIT-to-IP
>> mappings
>> to hipd
>> # add service rvs # the host acts as HIP
>> rendezvous
>> (also see
>> relay.conf)
>> # add server rvs [RVS-HIT] <RVS-IP-OR-HOSTNAME>
>> <lifetime-secs> #
>> register to rendezvous server
>> # add server relay [RELAY-HIT]
>> <RVS-IP-OR-HOSTNAME>
>> <lifetime-secs> #
>> register to relay server
>> # add server full-relay [RELAY-HIT]
>> <RVS-IP-OR-HOSTNAME>
>> <lifetime-secs>
>> # register to relay server
>> hit-to-ip on # resolve HITs to locators in
>> dynamic DNS zone
>> # hit-to-ip set hit-to-ip.infrahip.net
>> <http://hit-to-ip.infrahip.net**>
>>
>> <http://hit-to-ip.infrahip.**net__<http://hit-to-ip.infrahip.net__>
>> >
>> <http://hit-to-ip.infrahip.__**net__
>> <http://hit-to-ip.infrahip.**net__<http://hit-to-ip.infrahip.net__>
>> >>
>> <http://hit-to-ip.infrahip.___**_net__
>> <http://hit-to-ip.infrahip.__**net__
>> <http://hit-to-ip.infrahip.**net__<http://hit-to-ip.infrahip.net__>
>> >>>.
>>
>>
>> # resolve HITs to locators in dynamic DNS zone
>> nsupdate on # send dynamic DNS updates
>> # add server rvs hiprvs.infrahip.net
>> <http://hiprvs.infrahip.net>
>> <http://hiprvs.infrahip.net>
>> <http://hiprvs.infrahip.net>
>> <http://hiprvs.infrahip.net> 50000
>>
>>
>> # Register to free RVS at infrahip
>> # heartbeat 10 # send ICMPv6 messages inside
>> HIP tunnels
>> # locator on # host sends all of its
>> locators in
>> base
>> exchange
>> # shotgun on # use all possible src/dst IP
>> combinations
>> to send
>> I1/UPDATE
>> # broadcast on # broadcast to LAN if no
>> matching IP
>> address found
>> # opp normal|advanced|none
>> # transform order 213 # crypto preference
>> order (1=AES,
>> 2=3DES,
>> 3=NULL)
>> nat plain-udp # use UDP capsulation (for
>> NATted
>> environments)
>> #nat port local 11111 # change local default
>> UDP port
>> #nat port peer 22222 # change local peer UDP
>> port
>> debug medium # debug verbosity: all,
>> medium, low
>> or none
>> default-hip-version 1 # default HIP version
>> number for
>> the I1
>> message.
>> (1=HIPv1, 2=HIPv2)
>>
>>
>>
>> ------------------------------**______------------------------**
>> --__--__--__------------------**----__----__----__------------**
>> ------__------__------
>>
>>
>> paola@ubuntu:~$ sudo iptables -L -n
>> Chain INPUT (policy ACCEPT)
>> target prot opt source
>> destination
>> HIPFW-INPUT all -- 0.0.0.0/0
>> <http://0.0.0.0/0> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> <http://0.0.0.0/0> 0.0.0.0/0
>> <http://0.0.0.0/0> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> ACCEPT 139 -- 0.0.0.0/0
>> <http://0.0.0.0/0> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> <http://0.0.0.0/0> 0.0.0.0/0
>> <http://0.0.0.0/0> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> ACCEPT 139 -- 0.0.0.0/0
>> <http://0.0.0.0/0> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> <http://0.0.0.0/0> 0.0.0.0/0
>> <http://0.0.0.0/0> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> ACCEPT udp -- 0.0.0.0/0
>> <http://0.0.0.0/0> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> <http://0.0.0.0/0> 0.0.0.0/0
>> <http://0.0.0.0/0> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> <http://0.0.0.0/0> udp spt:10500
>> ACCEPT esp -- 0.0.0.0/0
>> <http://0.0.0.0/0> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> <http://0.0.0.0/0> 0.0.0.0/0
>> <http://0.0.0.0/0> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> ACCEPT icmpv6-- 0.0.0.0/0
>> <http://0.0.0.0/0> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> <http://0.0.0.0/0> 0.0.0.0/0
>> <http://0.0.0.0/0> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> ACCEPT all -- 1.0.0.0/8
>> <http://1.0.0.0/8> <http://1.0.0.0/8>
>> <http://1.0.0.0/8>
>> <http://1.0.0.0/8> 1.0.0.0/8
>> <http://1.0.0.0/8> <http://1.0.0.0/8>
>> <http://1.0.0.0/8>
>> <http://1.0.0.0/8>
>>
>>
>> Chain FORWARD (policy ACCEPT)
>> target prot opt source
>> destination
>> HIPFW-FORWARD all -- 0.0.0.0/0
>> <http://0.0.0.0/0> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> <http://0.0.0.0/0> 0.0.0.0/0
>> <http://0.0.0.0/0> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>>
>>
>> Chain OUTPUT (policy ACCEPT)
>> target prot opt source
>> destination
>> HIPFW-OUTPUT all -- 0.0.0.0/0
>> <http://0.0.0.0/0> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> <http://0.0.0.0/0> 0.0.0.0/0
>> <http://0.0.0.0/0> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> ACCEPT 139 -- 0.0.0.0/0
>> <http://0.0.0.0/0> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> <http://0.0.0.0/0> 0.0.0.0/0
>> <http://0.0.0.0/0> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> ACCEPT udp -- 0.0.0.0/0
>> <http://0.0.0.0/0> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> <http://0.0.0.0/0> 0.0.0.0/0
>> <http://0.0.0.0/0> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> <http://0.0.0.0/0> udp dpt:10500
>> ACCEPT esp -- 0.0.0.0/0
>> <http://0.0.0.0/0> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> <http://0.0.0.0/0> 0.0.0.0/0
>> <http://0.0.0.0/0> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> ACCEPT icmpv6-- 0.0.0.0/0
>> <http://0.0.0.0/0> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> <http://0.0.0.0/0> 0.0.0.0/0
>> <http://0.0.0.0/0> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> ACCEPT all -- 1.0.0.0/8
>> <http://1.0.0.0/8> <http://1.0.0.0/8>
>> <http://1.0.0.0/8>
>> <http://1.0.0.0/8> 1.0.0.0/8
>> <http://1.0.0.0/8> <http://1.0.0.0/8>
>> <http://1.0.0.0/8>
>> <http://1.0.0.0/8>
>>
>>
>> Chain HIPFW-FORWARD (1 references)
>> target prot opt source
>> destination
>>
>> Chain HIPFW-INPUT (1 references)
>> target prot opt source
>> destination
>> NFQUEUE udp -- 0.0.0.0/0
>> <http://0.0.0.0/0> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> <http://0.0.0.0/0> 0.0.0.0/0
>> <http://0.0.0.0/0> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> <http://0.0.0.0/0> udp spt:10500
>> NFQUEUE num 0
>> NFQUEUE udp -- 0.0.0.0/0
>> <http://0.0.0.0/0> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> <http://0.0.0.0/0> 0.0.0.0/0
>> <http://0.0.0.0/0> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> <http://0.0.0.0/0> udp dpt:10500
>> NFQUEUE num 0
>> NFQUEUE esp -- 0.0.0.0/0
>> <http://0.0.0.0/0> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> <http://0.0.0.0/0> 0.0.0.0/0
>> <http://0.0.0.0/0> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> <http://0.0.0.0/0> NFQUEUE num 0
>>
>>
>> Chain HIPFW-OUTPUT (1 references)
>> target prot opt source
>> destination
>> NFQUEUE all -- 0.0.0.0/0
>> <http://0.0.0.0/0> <http://0.0.0.0/0>
>> <http://0.0.0.0/0>
>> <http://0.0.0.0/0> 1.0.0.0/8
>> <http://1.0.0.0/8> <http://1.0.0.0/8>
>> <http://1.0.0.0/8>
>> <http://1.0.0.0/8> NFQUEUE num 0
>>
>>
>>
>>
>> ------------------------------**______------------------------**
>> --__--__--__------------------**----__----__----__------------**
>> ------__------__------
>>
>>
>>
>> paola@ubuntu:~$ sudo ip6tables -L -n
>> Chain INPUT (policy ACCEPT)
>> target prot opt source
>> destination
>> HIPFW-INPUT all ::/0 ::/0
>> ACCEPT all 2001:10::/28
>> 2001:10::/28
>>
>> Chain FORWARD (policy ACCEPT)
>> target prot opt source
>> destination
>> HIPFW-FORWARD all ::/0
>> ::/0
>>
>> Chain OUTPUT (policy ACCEPT)
>> target prot opt source
>> destination
>> HIPFW-OUTPUT all ::/0 ::/0
>> ACCEPT all 2001:10::/28
>> 2001:10::/28
>>
>> Chain HIPFW-FORWARD (1 references)
>> target prot opt source
>> destination
>>
>> Chain HIPFW-INPUT (1 references)
>> target prot opt source
>> destination
>> NFQUEUE esp ::/0 ::/0
>> NFQUEUE num 1
>> NFQUEUE all ::/0
>> 2001:10::/28
>> NFQUEUE num 1
>>
>> Chain HIPFW-OUTPUT (1 references)
>> target prot opt source
>> destination
>> NFQUEUE udp ::/0
>> 2001:10::/28
>> NFQUEUE num 1
>> NFQUEUE icmp ::/0
>> 2001:10::/28
>> NFQUEUE num 1
>> NFQUEUE tcp ::/0
>> 2001:10::/28
>> NFQUEUE num 1
>> NFQUEUE icmpv6 ::/0
>> 2001:10::/28
>> NFQUEUE num 1
>>
>>
>>
>> ------------------------------**______------------------------**
>> --__--__--__------------------**----__----__----__------------**
>> ------__------__------
>>
>>
>> paola@ubuntu:~$ ps axu | grep hip
>> nobody 1002 0.0 0.1 4980 2004 ? S
>> 14:21 0:00
>> /usr/sbin/hipd -bkN
>> nobody 1092 0.0 0.1 5116 1220 ? S
>> 14:21 0:00
>> /usr/sbin/hipfw -bklpFi
>> root 1477 0.0 0.6 10860 6576 ? S
>> 14:21 0:00
>> python
>> /usr/sbin/hipdnsproxy -k
>> root 3144 0.0 0.0 0 0 ? Z
>> 14:22 0:00
>> [hipconf] <defunct>
>> paola 3304 0.0 0.0 4412 832 pts/0
>> S+
>> 14:32 0:00
>> grep
>> --color=auto hip
>>
>>
>>
>> ------------------------------**______------------------------**
>> --__--__--__------------------**----__----__----__------------**
>> ------__------__------
>>
>>
>> paola@ubuntu:~$ ps axu | grep dns
>> root 1477 0.0 0.6 10860 6576 ? S
>> 14:21 0:00
>> python
>> /usr/sbin/hipdnsproxy -k
>> nobody 2155 0.0 0.1 5400 1388 ? S
>> 14:21 0:00
>> /usr/sbin/dnsmasq --no-resolv
>> --keep-in-foreground
>> --no-hosts
>> --bind-interfaces
>>
>>
>> --pid-file=/var/run/sendsigs._**_____omit.d/network-manager.__**
>> ____dnsmasq.pid
>> --listen-address=127.0.0.1
>> --conf-file=/var/run/nm-dns-__**
>> ____dnsmasq.conf
>> --cache-size=0 --proxy-dnssec --enable-dbus
>> --conf-dir=/etc/______**
>> NetworkManager/dnsmasq.d
>>
>> paola 3307 0.0 0.0 4412 836 pts/0
>> S+
>> 14:32 0:00
>> grep
>> --color=auto dns
>>
>>
>> Thanks a lot,
>>
>> Paola
>>
>>
>> 2013/10/9 Miika Komu <mkomu@xxxxxxxxx
>> <mailto:mkomu@xxxxxxxxx>
>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>
>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>>
>> <mailto:mkomu@xxxxxxxxx
>> <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx
>> <mailto:mkomu@xxxxxxxxx>>
>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>>>>
>>
>>
>> Hi Paola,
>>
>> please provide some more information as
>> instructed
>> in the
>> manual:
>>
>>
>> http://hipl.hiit.fi/hipl/_____**___manual/HOWTO.html#quick<http://hipl.hiit.fi/hipl/________manual/HOWTO.html#quick>
>>
>> <http://hipl.hiit.fi/hipl/____**__manual/HOWTO.html#quick<http://hipl.hiit.fi/hipl/______manual/HOWTO.html#quick>
>> >
>> <http://hipl.hiit.fi/hipl/____**
>> __manual/HOWTO.html#quick<http://hipl.hiit.fi/hipl/______manual/HOWTO.html#quick>
>>
>> <http://hipl.hiit.fi/hipl/____**manual/HOWTO.html#quick<http://hipl.hiit.fi/hipl/____manual/HOWTO.html#quick>
>> >>
>>
>>
>> <http://hipl.hiit.fi/hipl/____**__manual/HOWTO.html#quick<http://hipl.hiit.fi/hipl/______manual/HOWTO.html#quick>
>>
>> <http://hipl.hiit.fi/hipl/____**manual/HOWTO.html#quick<http://hipl.hiit.fi/hipl/____manual/HOWTO.html#quick>
>> >
>>
>> <http://hipl.hiit.fi/hipl/____**manual/HOWTO.html#quick<http://hipl.hiit.fi/hipl/____manual/HOWTO.html#quick>
>>
>> <http://hipl.hiit.fi/hipl/__**manual/HOWTO.html#quick<http://hipl.hiit.fi/hipl/__manual/HOWTO.html#quick>
>> >>>
>>
>>
>>
>>
>>
>> <http://hipl.hiit.fi/hipl/____**__manual/HOWTO.html#quick<http://hipl.hiit.fi/hipl/______manual/HOWTO.html#quick>
>>
>> <http://hipl.hiit.fi/hipl/____**manual/HOWTO.html#quick<http://hipl.hiit.fi/hipl/____manual/HOWTO.html#quick>
>> >
>>
>> <http://hipl.hiit.fi/hipl/____**manual/HOWTO.html#quick<http://hipl.hiit.fi/hipl/____manual/HOWTO.html#quick>
>>
>> <http://hipl.hiit.fi/hipl/__**manual/HOWTO.html#quick<http://hipl.hiit.fi/hipl/__manual/HOWTO.html#quick>
>> >>
>>
>>
>> <http://hipl.hiit.fi/hipl/____**manual/HOWTO.html#quick<http://hipl.hiit.fi/hipl/____manual/HOWTO.html#quick>
>>
>> <http://hipl.hiit.fi/hipl/__**manual/HOWTO.html#quick<http://hipl.hiit.fi/hipl/__manual/HOWTO.html#quick>
>> >
>>
>> <http://hipl.hiit.fi/hipl/__**manual/HOWTO.html#quick<http://hipl.hiit.fi/hipl/__manual/HOWTO.html#quick>
>>
>> <http://hipl.hiit.fi/hipl/**manual/HOWTO.html#quick<http://hipl.hiit.fi/hipl/manual/HOWTO.html#quick>
>> >>>>
>>
>> Some additional questions:
>>
>> * Are running hipd at the responder?
>> * Is there a firewall blocking HIP traffic
>> (default UDP
>> port 10500)
>> * If you use redhat-based distro, have you
>> disabled SElinux
>> (please
>> refer to the manual)?
>>
>>
>> On 10/09/2013 12:27 PM, Paola Venuso wrote:
>>
>> Hi,
>> I have an update. I tried again direct
>> communication
>> and now the
>> initiator can send the I1 packet. I
>> tried also
>> with Teredo
>> addresses but
>> its the same, I can see only I1 packet.
>>
>>
>> 2013/10/8 Paola Venuso
>> <pa.venuso@xxxxxxxxx <mailto:pa.venuso@xxxxxxxxx>
>> <mailto:pa.venuso@xxxxxxxxx <mailto:pa.venuso@xxxxxxxxx
>> >>
>> <mailto:pa.venuso@xxxxxxxxx
>> <mailto:pa.venuso@xxxxxxxxx> <mailto:pa.venuso@xxxxxxxxx
>> <mailto:pa.venuso@xxxxxxxxx>>>
>> <mailto:pa.venuso@xxxxxxxxx
>> <mailto:pa.venuso@xxxxxxxxx>
>> <mailto:pa.venuso@xxxxxxxxx <mailto:pa.venuso@xxxxxxxxx
>> >>
>> <mailto:pa.venuso@xxxxxxxxx
>> <mailto:pa.venuso@xxxxxxxxx>
>> <mailto:pa.venuso@xxxxxxxxx
>> <mailto:pa.venuso@xxxxxxxxx>>>**> <mailto:pa.venuso@xxxxxxxxx
>> <mailto:pa.venuso@xxxxxxxxx>
>> <mailto:pa.venuso@xxxxxxxxx <mailto:pa.venuso@xxxxxxxxx
>> >>
>> <mailto:pa.venuso@xxxxxxxxx
>> <mailto:pa.venuso@xxxxxxxxx> <mailto:pa.venuso@xxxxxxxxx
>> <mailto:pa.venuso@xxxxxxxxx>>>
>>
>> <mailto:pa.venuso@xxxxxxxxx
>> <mailto:pa.venuso@xxxxxxxxx>
>> <mailto:pa.venuso@xxxxxxxxx
>> <mailto:pa.venuso@xxxxxxxxx>> <mailto:pa.venuso@xxxxxxxxx
>> <mailto:pa.venuso@xxxxxxxxx>
>> <mailto:pa.venuso@xxxxxxxxx
>> <mailto:pa.venuso@xxxxxxxxx>>>**>__>__>
>>
>>
>>
>> I typed wrong the name of the
>> version,
>> I've already
>> installed the
>> latest version. Anyway I tried
>> out direct
>> communications as you
>> said, with different
>> configurations, but
>> with no
>> success.
>> I'm sorry
>> to bother you but I don't know
>> what else
>> to do. I
>> read the
>> manual
>> several times but obviously I'm
>> still missing
>> something. Maybe
>> something about hipl firewall?
>>
>> Thanks for your help.
>>
>>
>>
>>
>> 2013/10/8 Miika Komu
>> <mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>
>> <mailto:mkomu@xxxxxxxxx
>> <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx
>> <mailto:mkomu@xxxxxxxxx>>>
>> <mailto:mkomu@xxxxxxxxx
>> <mailto:mkomu@xxxxxxxxx>
>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>
>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>>>
>> <mailto:mkomu@xxxxxxxxx
>> <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx
>> <mailto:mkomu@xxxxxxxxx>>
>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>>
>>
>> <mailto:mkomu@xxxxxxxxx
>> <mailto:mkomu@xxxxxxxxx>
>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>
>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
>> <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>>>>>
>>
>>
>>
>> Hi Paola,
>>
>>
>> On 10/08/2013 01:44 PM,
>> Paola Venuso
>> wrote:
>>
>> Hi Miika,
>> Thanks for the quik
>> answer. I'll
>> try what
>> you said.
>> About
>> the latest
>> version, where can I
>> find it? I
>> downloaded
>> the hipl
>> 1.0.7
>> release from
>> the infrahip site but I
>> saw
>> nothing about the
>> latest version.
>>
>> Thank you very much,
>>
>>
>> Source code:
>>
>>
>> http://hipl.hiit.fi/index.php?**__________index=source<http://hipl.hiit.fi/index.php?__________index=source>
>>
>> <http://hipl.hiit.fi/index.**php?________index=source<http://hipl.hiit.fi/index.php?________index=source>
>> >
>>
>> <http://hipl.hiit.fi/index.__**php?______index=source<http://hipl.hiit.fi/index.__php?______index=source>
>>
>> <http://hipl.hiit.fi/index.**php?______index=source<http://hipl.hiit.fi/index.php?______index=source>
>> >>
>>
>>
>> <http://hipl.hiit.fi/index.___**_php?____index=source<http://hipl.hiit.fi/index.____php?____index=source>
>>
>> <http://hipl.hiit.fi/index.__**php?____index=source<http://hipl.hiit.fi/index.__php?____index=source>
>> >
>>
>> <http://hipl.hiit.fi/index.__**php?____index=source<http://hipl.hiit.fi/index.__php?____index=source>
>>
>> <http://hipl.hiit.fi/index.**php?____index=source<http://hipl.hiit.fi/index.php?____index=source>
>> >>>
>>
>>
>> <http://hipl.hiit.fi/index.___**___php?__index=source<http://hipl.hiit.fi/index.______php?__index=source>
>>
>> <http://hipl.hiit.fi/index.___**_php?__index=source<http://hipl.hiit.fi/index.____php?__index=source>
>> >
>>
>> <http://hipl.hiit.fi/index.___**_php?__index=source<http://hipl.hiit.fi/index.____php?__index=source>
>>
>> <http://hipl.hiit.fi/index.__**php?__index=source<http://hipl.hiit.fi/index.__php?__index=source>
>> >>
>>
>>
>> <http://hipl.hiit.fi/index.___**_php?__index=source<http://hipl.hiit.fi/index.____php?__index=source>
>>
>> <http://hipl.hiit.fi/index.__**php?__index=source<http://hipl.hiit.fi/index.__php?__index=source>
>> >
>>
>> <http://hipl.hiit.fi/index.__**php?__index=source<http://hipl.hiit.fi/index.__php?__index=source>
>>
>> <http://hipl.hiit.fi/index.**php?__index=source<http://hipl.hiit.fi/index.php?__index=source>
>> >>>>
>>
>>
>>
>>
>> <http://hipl.hiit.fi/index.___**_____php?index=source<http://hipl.hiit.fi/index.________php?index=source>
>>
>> <http://hipl.hiit.fi/index.___**___php?index=source<http://hipl.hiit.fi/index.______php?index=source>
>> >
>>
>> <http://hipl.hiit.fi/index.___**___php?index=source<http://hipl.hiit.fi/index.______php?index=source>
>>
>> <http://hipl.hiit.fi/index.___**_php?index=source<http://hipl.hiit.fi/index.____php?index=source>
>> >>
>>
>>
>> <http://hipl.hiit.fi/index.___**___php?index=source<http://hipl.hiit.fi/index.______php?index=source>
>>
>> <http://hipl.hiit.fi/index.___**_php?index=source<http://hipl.hiit.fi/index.____php?index=source>
>> >
>>
>> <http://hipl.hiit.fi/index.___**_php?index=source<http://hipl.hiit.fi/index.____php?index=source>
>>
>> <http://hipl.hiit.fi/index.__**php?index=source<http://hipl.hiit.fi/index.__php?index=source>
>> >>>
>>
>>
>>
>>
>> <http://hipl.hiit.fi/index.___**___php?index=source<http://hipl.hiit.fi/index.______php?index=source>
>>
>> <http://hipl.hiit.fi/index.___**_php?index=source<http://hipl.hiit.fi/index.____php?index=source>
>> >
>>
>> <http://hipl.hiit.fi/index.___**_php?index=source<http://hipl.hiit.fi/index.____php?index=source>
>>
>> <http://hipl.hiit.fi/index.__**php?index=source<http://hipl.hiit.fi/index.__php?index=source>
>> >>
>>
>>
>> <http://hipl.hiit.fi/index.___**_php?index=source<http://hipl.hiit.fi/index.____php?index=source>
>>
>> <http://hipl.hiit.fi/index.__**php?index=source<http://hipl.hiit.fi/index.__php?index=source>
>> >
>>
>> <http://hipl.hiit.fi/index.__**php?index=source<http://hipl.hiit.fi/index.__php?index=source>
>>
>> <http://hipl.hiit.fi/index.**php?index=source<http://hipl.hiit.fi/index.php?index=source>
>> >>>>>
>>
>> There are multiple ways to
>> get HIPL
>> source
>> code: binary
>> release,
>> bazaar and the nightly
>> tarball.
>>
>> The binaries are here:
>>
>>
>> http://hipl.hiit.fi/index.php?**__________index=download<http://hipl.hiit.fi/index.php?__________index=download>
>>
>> <http://hipl.hiit.fi/index.**php?________index=download<http://hipl.hiit.fi/index.php?________index=download>
>> >
>>
>> <http://hipl.hiit.fi/index.__**php?______index=download<http://hipl.hiit.fi/index.__php?______index=download>
>>
>> <http://hipl.hiit.fi/index.**php?______index=download<http://hipl.hiit.fi/index.php?______index=download>
>> >>
>>
>>
>> <http://hipl.hiit.fi/index.___**_php?____index=download<http://hipl.hiit.fi/index.____php?____index=download>
>>
>> <http://hipl.hiit.fi/index.__**php?____index=download<http://hipl.hiit.fi/index.__php?____index=download>
>> >
>>
>> <http://hipl.hiit.fi/index.__**php?____index=download<http://hipl.hiit.fi/index.__php?____index=download>
>>
>> <http://hipl.hiit.fi/index.**php?____index=download<http://hipl.hiit.fi/index.php?____index=download>
>> >>>
>>
>> <http://hipl.hiit.fi/index.___**
>> ___php?__index=download<http://hipl.hiit.fi/index.______php?__index=download>
>>
>> <http://hipl.hiit.fi/index.___**_php?__index=download<http://hipl.hiit.fi/index.____php?__index=download>
>> >
>>
>> <http://hipl.hiit.fi/index.___**_php?__index=download<http://hipl.hiit.fi/index.____php?__index=download>
>>
>> <http://hipl.hiit.fi/index.__**php?__index=download<http://hipl.hiit.fi/index.__php?__index=download>
>> >>
>>
>>
>> <http://hipl.hiit.fi/index.___**_php?__index=download<http://hipl.hiit.fi/index.____php?__index=download>
>>
>> <http://hipl.hiit.fi/index.__**php?__index=download<http://hipl.hiit.fi/index.__php?__index=download>
>> >
>>
>> <http://hipl.hiit.fi/index.__**php?__index=download<http://hipl.hiit.fi/index.__php?__index=download>
>>
>> <http://hipl.hiit.fi/index.**php?__index=download<http://hipl.hiit.fi/index.php?__index=download>
>> >>>>
>>
>>
>>
>> <http://hipl.hiit.fi/index.___**_____php?index=download<http://hipl.hiit.fi/index.________php?index=download>
>>
>> <http://hipl.hiit.fi/index.___**___php?index=download<http://hipl.hiit.fi/index.______php?index=download>
>> >
>>
>> <http://hipl.hiit.fi/index.___**___php?index=download<http://hipl.hiit.fi/index.______php?index=download>
>>
>> <http://hipl.hiit.fi/index.___**_php?index=download<http://hipl.hiit.fi/index.____php?index=download>
>> >>
>>
>>
>> <http://hipl.hiit.fi/index.___**___php?index=download<http://hipl.hiit.fi/index.______php?index=download>
>>
>> <http://hipl.hiit.fi/index.___**_php?index=download<http://hipl.hiit.fi/index.____php?index=download>
>> >
>>
>> <http://hipl.hiit.fi/index.___**_php?index=download<http://hipl.hiit.fi/index.____php?index=download>
>>
>> <http://hipl.hiit.fi/index.__**php?index=download<http://hipl.hiit.fi/index.__php?index=download>
>> >>>
>
> ...
Other related posts:
