[hipl-users] Re: Problems with RVS

  • From: Paola Venuso <pa.venuso@xxxxxxxxx>
  • To: hipl-users@xxxxxxxxxxxxx
  • Date: Mon, 21 Oct 2013 11:38:23 +0200

Hi,
I sent the email to hipl-users mailing list.
Il giorno 21/ott/2013 11:24, <frances_gao@xxxxxxx> ha scritto:

> who are you?
>
> Sent from my iPhone
>
> On 2013年10月21日, at 10:17, Paola Venuso <pa.venuso@xxxxxxxxx> wrote:
>
> Hi Miika,
>
> I set up three machines and used Teredo addresses to test RVS service but
> it did'nt worked. I captured the traffic with wireshark and there was no
> HIP packets. Also  "hipconf daemon get ha all" showed no HAs.
> I followed the steps on the manual. Is there some particular configuration
> for the host RVS ?
>
> Thank you,
>
> Paola
>
>
>
>
> 2013/10/20 Miika Komu <mkomu@xxxxxxxxx>
>
>> Hi Paola,
>>
>> hmm, the infrahip.net network seems to have some IPv6 connectivity
>> problems at the moment (at least for me), so I recommend that you set up
>> three machines of your own (initiator, rendezvous and responder). A
>> successful registration looks like this:
>>
>> $ sudo hipconf daemon add server rvs 2001:1b:a9be:c6a6:34e5:8361:**c07f:a990
>> 193.167.187.134 1111
>> Requesting 1 service for 1024 seconds (lifetime 0x90) from
>> 2001:1b:a9be:c6a6:34e5:8361:**c07f:a990 193.167.187.134.
>> Sending user message 104 to HIPD on socket 3
>> Sent 96 bytes
>>
>> Waiting to receive daemon info.
>> 96 bytes received from HIP daemon.
>> User message was sent successfully to the HIP daemon.
>>
>>
>> $ hipconf daemon get ha all
>> Sending user message 22 to HIPD on socket 3
>> Sent 40 bytes
>> Waiting to receive daemon info.
>> 456 bytes received from HIP daemon.
>>
>> HA is ESTABLISHED
>>  Shotgun mode is off.
>>  Broadcast mode is off.
>>  Local HIT: 2001:0019:11ac:e3af:2367:11a4:**1a36:36ec
>>  Peer  HIT: 2001:001b:a9be:c6a6:34e5:8361:**c07f:a990
>>  Local LSI: 1.0.0.1
>>  Peer  LSI: 1.0.0.100
>>  Local IP: 192.168.1.127
>>
>>  Local NAT traversal UDP port: 10500
>>  Peer  IP: 193.167.187.134
>>  Peer  NAT traversal UDP port: 10500
>>  Peer  hostname: crossroads.infrahip.net
>>  Peer has granted us rendezvous service
>>                      ^^^^^^^^^^
>> HA is ESTABLISHED
>>
>>
>>
>> On 10/20/2013 01:43 AM, Paola Venuso wrote:
>>
>>> Hi Miika,
>>>
>>> thank you for re-enabling the service. I tried the connection with IPv4
>>> and as you expected it didn't work.
>>> To priorize the IPv6 addresses I edited gai.conf file uncommenting the
>>> lines:
>>>
>>> label ::1/128       0
>>> label ::/0          1
>>> label 2002::/16     2
>>> label ::/96         3
>>> label ::ffff:0:0/96 4
>>> label fec0::/10     5
>>> label fc00::/7      6
>>>
>>> I tested IPv6 visiting ipv6-test.com <http://ipv6-test.com> that gave me
>>>
>>> this result:
>>>
>>> When both protocols are available, your browser uses
>>> IPv6
>>> Your internet connection is IPv6 capable
>>> 2001:0:53aa:64c:807:6e66:a269:**1d27^ [?
>>> <http://db-ip.com/2001%3A0%**3A53aa%3A64c%3A807%3A6e66%**3Aa269%3A1d27<http://db-ip.com/2001%3A0%3A53aa%3A64c%3A807%3A6e66%3Aa269%3A1d27>
>>> >]
>>>
>>> Address type is
>>> Teredo 
>>> <http://wikipedia.org/wiki/**Teredo_tunneling<http://wikipedia.org/wiki/Teredo_tunneling>
>>> >
>>> Tunneling from *93.150.226.216:37273 <http://93.150.226.216:37273>*
>>> (server *83.170.6.76*)
>>>
>>>
>>> So I guess this part is ok.
>>> Then I registered to crossroads using its IPv6 address and tried nc6
>>> connection from the initiator. Previously at the initiator  I edited
>>> /etc/hosts (in wich I included IPv6 address of crossroads and the
>>> responder hostname) and /etc/hip/hosts (in wich I included HIT and
>>> hostname of the responder) and also restarted both machines. But the
>>> initiator couldn't reach the responder.
>>> Did I do something wrong?
>>>
>>> Thanks,
>>>
>>> Paola
>>>
>>>
>>>
>>> 2013/10/19 Miika Komu <mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>
>>>
>>>
>>>     Hi Paola,
>>>
>>>     I have re-enabled RVS functionality in crossroads and ashenvale now.
>>>     Please bare in mind that a IPv4-over-UDP base exchange may not work
>>>     because your NAT may block it (Teredo may be needed).
>>>
>>>
>>>     On 10/19/2013 04:51 PM, Paola Venuso wrote:
>>>
>>>         Hi Miika,
>>>
>>>         I read on the manual that crossroads could have been used as
>>>         rvs. This
>>>         is written above the table in which are indicated the addresses
>>>         of the
>>>         test servers. Maybe I misunderstood what is written.
>>>         Anyway I'm installing ubuntu on another computer and trying to
>>>         configure
>>>         the server myself.
>>>
>>>         Thanks again,
>>>
>>>         Paola
>>>
>>>         Il giorno 19/ott/2013 14:40, "Miika Komu" <mkomu@xxxxxxxxx
>>>         <mailto:mkomu@xxxxxxxxx>
>>>         <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>> ha scritto:
>>>
>>>
>>>
>>>              Hi Paolo,
>>>
>>>              crossroads is not configured to act as a rendezvous (or
>>>         relay). You
>>>              should deploy and install your own rendezvous server. When
>>>         you have
>>>              done so, you will see some additional registration
>>>         information in
>>>              hipconf output at the responder and then also the initiator
>>>         succeeds
>>>              with the base exchange.
>>>
>>>              On 10/18/2013 09:44 PM, Paola Venuso wrote:
>>>
>>>                  Hi Miika,
>>>
>>>                  I replaced Windows with Ubuntu on my PCs and now the
>>> simple
>>>                  connection
>>>                  between the two hosts works perfectly! :D
>>>                  But I have problems with RVS. I tried registering with
>>>         crossoroads.infrahip.net 
>>> <http://crossoroads.infrahip.**net<http://crossoroads.infrahip.net>
>>> >
>>>         <http://crossoroads.infrahip._**_net
>>>         <http://crossoroads.infrahip.**net<http://crossoroads.infrahip.net>
>>> >>
>>>                  <http://crossoroads.infrahip._**___net
>>>
>>>
>>>                  <http://crossoroads.infrahip._**_net
>>>         
>>> <http://crossoroads.infrahip.**net<http://crossoroads.infrahip.net>>>>
>>> and then
>>>                  started the connection (using different configuration).
>>>         Only I1
>>>                  packet
>>>                  was sent. I stopped the connection and run "hipconf
>>>         daemon get
>>>                  ha all".
>>>                  At the responder I had this output:
>>>
>>>                  paola@ProBook:~$ hipconf daemon get ha all
>>>                  Sending user message 22 to HIPD on socket 3
>>>                  Sent 40 bytes
>>>                  Waiting to receive daemon info.
>>>                  240 bytes received from HIP daemon.
>>>                  HA is ESTABLISHED
>>>                     Shotgun mode is off.
>>>                     Broadcast mode is off.
>>>                     Local HIT: 2001:0018:66b5:52d3:e479:7810:**
>>> ____8446:133b
>>>                     Peer  HIT: 2001:001b:a9be:c6a6:34e5:8361:**
>>> ____c07f:a990
>>>
>>>
>>>                     Local LSI: 1.0.0.1
>>>                     Peer  LSI: 1.0.0.2
>>>                     Local IP: 192.168.1.210
>>>                     Local NAT traversal UDP port: 10500
>>>                     Peer  IP: 193.167.187.134
>>>                     Peer  NAT traversal UDP port: 10500
>>>                     Peer  hostname: crossroads.infrahip.net
>>>         <http://crossroads.infrahip.**net<http://crossroads.infrahip.net>
>>> >
>>>                  <http://crossroads.infrahip.__**net
>>>         <http://crossroads.infrahip.**net<http://crossroads.infrahip.net>
>>> >>
>>>                  <http://crossroads.infrahip.__**__net
>>>
>>>         <http://crossroads.infrahip.__**net <http://crossroads.infrahip.
>>> **net <http://crossroads.infrahip.net>>>>
>>>
>>>
>>>
>>>                  While at the initiator I had this output:
>>>
>>>                  paola@ProBook:~$ hipconf daemon get ha all
>>>                  Sending user message 22 to HIPD on socket 3
>>>                  Sent 40 bytes
>>>                  Waiting to receive daemon info.
>>>                  240 bytes received from HIP daemon.
>>>                  HA is I1-SENT
>>>                     Shotgun mode is off.
>>>                     Broadcast mode is off.
>>>                     Local HIT: 20011:0013:e87a:b8e4:68c8:____**
>>> 258b:0fb4:68b8
>>>                     Peer  HIT: 2001:0018:66b5:52d3:e479:7810:**
>>> ____8446:133b
>>>
>>>
>>>                     Local LSI: 1.0.0.1
>>>                     Peer  LSI: 1.0.0.2
>>>                     Local IP: 192.168.1.184
>>>                     Local NAT traversal UDP port: 10500
>>>                     Peer  IP: 193.167.187.134
>>>                     Peer  NAT traversal UDP port: 10500
>>>                     Peer  hostname:
>>>
>>>                  Thanks,
>>>
>>>                  Paola
>>>
>>>
>>>                  2013/10/17 Paola Venuso <pa.venuso@xxxxxxxxx
>>>         <mailto:pa.venuso@xxxxxxxxx>
>>>                  <mailto:pa.venuso@xxxxxxxxx
>>>         <mailto:pa.venuso@xxxxxxxxx>> <mailto:pa.venuso@xxxxxxxxx
>>>         <mailto:pa.venuso@xxxxxxxxx>
>>>
>>>                  <mailto:pa.venuso@xxxxxxxxx <mailto:pa.venuso@xxxxxxxxx
>>> >>>**>
>>>
>>>
>>>                       Hi Miika,
>>>
>>>                       the reason why I used virtual machines is that I
>>>         couldn't
>>>                  use Linux
>>>                       as the host machine. But now I convinced myself to
>>>         use it
>>>                  because
>>>                       this test I have to run is for the last part of my
>>>         thesis
>>>                  in which I
>>>                       have to use InfraHIP implementation. About miredo
>>>                  configuration, I
>>>                       have the default one (I only installed the miredo
>>>         packet as the
>>>                       manual says) .
>>>                       Tonight I'm going to install Linux on my machines
>>>         and then
>>>                  to try
>>>                       again the test. I hope everything would be ok.
>>>         I'll let you
>>>                  know.
>>>
>>>                       Thank you for everything,
>>>
>>>                       Paola
>>>
>>>
>>>                       2013/10/17 Miika Komu <mkomu@xxxxxxxxx
>>>         <mailto:mkomu@xxxxxxxxx>
>>>                  <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>
>>>         <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
>>>                  <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>>>
>>>
>>>                           Hi Paola,
>>>
>>>                           (returning offline discussion to online)
>>>
>>>                           my guess of the origins of your problem is
>>>         that the
>>>                  host machine
>>>                           of your virtual machines is Windows, and it
>>>         does not
>>>                  allow raw
>>>                           sockets, even for virtual machines. This is
>>>         probably
>>>                  the reason
>>>                           why HIP-over-UDP-over-IPv4 works, but
>>>         HIP-over-IPv6
>>>                  doesn't.
>>>
>>>                           If you really want to do NAT traversal with
>>>         HIP, please
>>>                  consider:
>>>
>>>                           1. Using Linux (or OS-X) as the host machine
>>>         (Linux
>>>                  live CD/USB
>>>                           images are available)
>>>                           2. Use HIP over UDP and IPv4, and employ the
>>> relay
>>>                  server as
>>>                           instructed in the manual (the relay server
>>>         requires a
>>>                  public
>>>                           IPv4 address)
>>>
>>>                           Btw, your Teredo configuration is not fully
>>>         functional
>>>                  because I
>>>                           can't reach your VMs, even though you can
>>> reach by
>>>                  yourself.
>>>
>>>                           P.S. OpenHIP has some native support for
>>> Windows.
>>>
>>>
>>>                           On 10/16/2013 07:45 PM, Paola Venuso wrote:
>>>
>>>                               Hi Miika,
>>>
>>>
>>>                               at the initiator:
>>>
>>>                               paola2@ubuntu2:~$ lsmod|grep xfrm
>>>                               xfrm_user              31160  1
>>>                               xfrm_algo              14952  3
>>>         xfrm_user,esp6,esp4
>>>                               xfrm6_mode_beet        12577  1
>>>                               xfrm4_mode_beet        12498  1
>>>
>>>
>>>
>>>                               at the responder :
>>>
>>>                               paola@ubuntu:~$ lsmod|grep xfrm
>>>                               xfrm_user              31160  1
>>>                               xfrm_algo              14952  3
>>>         xfrm_user,esp6,esp4
>>>                               xfrm6_mode_beet        12577  2
>>>                               xfrm4_mode_beet        12498  2
>>>
>>>
>>>                               Then I used ping6 with the server address
>>>         and I
>>>                  could reach
>>>                               it. I
>>>                               invoked add map command and ping6 and
>>>         waited for
>>>                  more then a
>>>                               minute but
>>>                               nothing happened so I stopped it:
>>>
>>>                               paola@ubuntu:~$ ping6
>>>
>>>           2001:10:5403:41fe:a5df:5f02:__**____9680:b6d2PING
>>>
>>>
>>>         2001:10:5403:41fe:a5df:5f02:__**____9680:b6d2(2001:10:5403:**
>>> 41fe:______a5df:5f02:9680:**b6d2)
>>>
>>>                               56 data bytes
>>>                               ^C
>>>                               ---
>>>         2001:10:5403:41fe:a5df:5f02:__**____9680:b6d2 ping
>>>
>>>
>>>                  statistics ---
>>>                               222 packets transmitted, 0 received, 100%
>>>         packet
>>>                  loss, time
>>>                               221196ms
>>>
>>>                               paola@ubuntu:~$ hipconf daemon get ha all
>>>                               Sending user message 22 to HIPD on socket 3
>>>                               Sent 40 bytes
>>>                               Waiting to receive daemon info.
>>>                               240 bytes received from HIP daemon.
>>>                               HA is I1-SENT
>>>                                  Shotgun mode is off.
>>>                                  Broadcast mode is off.
>>>                                  Local HIT:
>>>                  2001:0012:421d:99a0:005d:d60f:**______73b0:4407
>>>                                  Peer  HIT:
>>>                  2001:0010:5403:41fe:a5df:5f02:**______9680:b6d2
>>>
>>>
>>>                                  Local LSI: 1.0.0.1
>>>                                  Peer  LSI: 1.0.0.2
>>>                                  Local IP:
>>>                  3ffe:0000:0000:0000:0000:0000:**______0000:0002
>>>
>>>
>>>                                  Local NAT traversal UDP port: 0
>>>                                  Peer  IP:
>>>                  3ffe:0000:0000:0000:0000:0000:**______0000:0001
>>>
>>>
>>>                                  Peer  NAT traversal UDP port: 0
>>>                                  Peer  hostname:
>>>
>>>
>>>
>>>
>>>
>>>
>>>                               2013/10/16 Miika Komu <mkomu@xxxxxxxxx
>>>         <mailto:mkomu@xxxxxxxxx>
>>>                  <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>
>>>                               <mailto:mkomu@xxxxxxxxx
>>>         <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx
>>>         <mailto:mkomu@xxxxxxxxx>>>
>>>                  <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
>>>         <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>
>>>                               <mailto:mkomu@xxxxxxxxx
>>>         <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx
>>>         <mailto:mkomu@xxxxxxxxx>>>>>
>>>
>>>
>>>
>>>                                    Hi Paola,
>>>
>>>
>>>                                    On 10/16/2013 12:46 PM, Paola Venuso
>>>         wrote:
>>>
>>>                                        Hi Miika,
>>>
>>>                                        I deleted the incorrect line with
>>>                  "hipconf" and
>>>                               changed the
>>>                                        debug mode
>>>                                        to "all". I'm sending two emails
>>>         with the
>>>                  output of
>>>                               the debug
>>>                                        because
>>>                                        the message is too big.
>>>
>>>
>>>                                    What does "lsmod|grep xfrm" give you?
>>> It
>>>                  should be:
>>>                                    xfrm_user              35921  1
>>>                                    xfrm6_mode_beet        12658  7
>>>                                    xfrm4_mode_beet        12611  7
>>>
>>>
>>>                                        This is the output of the
>>> initiator
>>>
>>>
>>>                                    I failed to see any 3ffe::xx/64
>>>         addresses in
>>>                  the log.
>>>                               Did you forget
>>>                                    to invoke "hipconf daemon add map"?
>>>
>>>                                    Here's an example (please do not copy
>>>         paste
>>>                  blindly,
>>>                               you need to
>>>                                    change the addresses and interface
>>>         names):
>>>
>>>                                    server:
>>>                                       sudo ip addr add 3ffe::1/64 dev
>>>         eth0 # add
>>>                  IPv6 addr
>>>                               for server
>>>
>>>                                    client:
>>>                                       sudo ip addr add 3ffe::2/64 dev
>>>         eth0 # add
>>>                  IPv6 addr
>>>                               for client
>>>                                       ping6 3ffe::2 # can you reach the
>>>         server?
>>>                                       sudo hipconf daemon rst all #
>>>         reset hipd
>>>                  daemon state
>>>                                       hipconf daemon add map
>>>                               2001:15:e156:8a78:3226:dbaa:__**
>>> ______f2ff:ed06
>>>                                    3ffe::1
>>>                                       ping6
>>>                  2001:15:e156:8a78:3226:dbaa:__**______f2ff:ed06
>>>
>>>
>>>
>>>                                       <wait for one minute>
>>>                                       PING
>>>
>>>
>>>
>>>         2001:15:e156:8a78:3226:dbaa:__**______f2ff:ed06(2001:15:e156:_**
>>> _8a78:______3226:dbaa:f2ff:__**ed06)
>>>
>>>
>>>                                    56 data bytes
>>>                                    64 bytes from
>>>
>>>           2001:15:e156:8a78:3226:dbaa:__**______f2ff:ed06: icmp_seq=2
>>>
>>>
>>>                                    ttl=64 time=29.8 ms
>>>                                    64 bytes from
>>>
>>>           2001:15:e156:8a78:3226:dbaa:__**______f2ff:ed06: icmp_seq=3
>>>
>>>
>>>
>>>                                    ttl=64 time=47.5 ms
>>>
>>>                                    I'd like to see "hipconf daemon get
>>>         ha all" output
>>>                               after this.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>

Other related posts: