Hi Paola,
I tried rendezvous in my local network. For me, Teredo addresses failed
to work, possibly because of so called NAT hairpinning problems (all
hosts behind the same NAT), so I could not run any traffic on top of
Teredo. So, I will show you how it works on plain IPv6.
The hosts are:
Initiator: 3ffe::1
Rendezvous 3ffe::2
Responder: 3ffe::3
1. Enable rendezvous at rendezvous (you can also modify hipd.conf):
sudo hipconf daemon add service rvs
2. Register to rvs at the the responder and verify it works:
sudo hipconf daemon add server rvs
2001:1a:493f:a501:6481:6b4:cfdb:6d4e 3ffe::2 11111
hipconf daemon get ha all
Sending user message 22 to HIPD on socket 3
Sent 40 bytes
Waiting to receive daemon info.
248 bytes received from HIP daemon.
HA is ESTABLISHED
Shotgun mode is off.
Broadcast mode is off.
Local HIT: 2001:0016:8c08:9ca9:9e41:059d:95e7:7d2f
Peer HIT: 2001:001a:493f:a501:6481:06b4:cfdb:6d4e
Local LSI: 1.0.0.1
Peer LSI: 1.0.0.2
Local IP: 3ffe:0000:0000:0000:0000:0000:0000:0003
Local NAT traversal UDP port: 0
Peer IP: 3ffe:0000:0000:0000:0000:0000:0000:0002
Peer NAT traversal UDP port: 0
Peer hostname: debian32
Peer has granted us rendezvous service
3. Initiate base exchange at the initiator (via rvs)
hipconf daemon add map 2001:16:8c08:9ca9:9e41:059d:95e7:7d2f 3ffe::2
ping6 2001:16:8c08:9ca9:9e41:059d:95e7:7d2f
root@gaijin:~# ping6 2001:16:8c08:9ca9:9e41:059d:95e7:7d2f
PING
2001:16:8c08:9ca9:9e41:059d:95e7:7d2f(2001:16:8c08:9ca9:9e41:59d:95e7:7d2f)
56 data bytes
64 bytes from 2001:16:8c08:9ca9:9e41:59d:95e7:7d2f: icmp_seq=2 ttl=64
time=1.44 ms
64 bytes from 2001:16:8c08:9ca9:9e41:59d:95e7:7d2f: icmp_seq=3 ttl=64
time=1.36 ms
I was also running tcpdump at the initiator to make sure that the
traffic goes through the rvs:
tcpdump -n -i any proto 139 or esp
13:20:33.356457 IP6 3ffe::1 > 3ffe::2: ip-proto-139 40
13:20:33.397397 IP6 3ffe::3 > 3ffe::1: ip-proto-139 664
13:20:33.417302 IP6 3ffe::1 > 3ffe::3: ip-proto-139 608
13:20:33.462743 IP6 3ffe::3 > 3ffe::1: ip-proto-139 216
13:20:34.351457 IP6 3ffe::1 > 3ffe::3: ESP(spi=0x94eb338c,seq=0x1),
length 116
13:20:34.352712 IP6 3ffe::3 > 3ffe::1: ESP(spi=0x6118aed8,seq=0x1),
length 116
13:20:35.352870 IP6 3ffe::1 > 3ffe::3: ESP(spi=0x94eb338c,seq=0x2),
length 116
13:20:35.354062 IP6 3ffe::3 > 3ffe::1: ESP(spi=0x6118aed8,seq=0x2),
length 116
If you observe the first the packets, you'll see that I1 packet goes to
the rendezvous (size 40) (which the rendezvous forwards to responder).
Then the responder replies directly back to the initiator (R1, size 664)
and further communications (I2, R2, ESP) are carried without rendezvous
interaction.
P.S. Please note that observing teredo-encapsulated traffic requires
different rules.
On 10/21/2013 12:17 PM, Paola Venuso wrote:
Hi Miika,
I set up three machines and used Teredo addresses to test RVS service
but it did'nt worked. I captured the traffic with wireshark and there
was no HIP packets. Also "hipconf daemon get ha all" showed no HAs.
I followed the steps on the manual. Is there some particular
configuration for the host RVS ?
Thank you,
Paola
2013/10/20 Miika Komu <mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>
Hi Paola,
hmm, the infrahip.net <http://infrahip.net> network seems to have
some IPv6 connectivity problems at the moment (at least for me), so
I recommend that you set up three machines of your own (initiator,
rendezvous and responder). A successful registration looks like this:
$ sudo hipconf daemon add server rvs
2001:1b:a9be:c6a6:34e5:8361:__c07f:a990 193.167.187.134 1111
Requesting 1 service for 1024 seconds (lifetime 0x90) from
2001:1b:a9be:c6a6:34e5:8361:__c07f:a990 193.167.187.134.
Sending user message 104 to HIPD on socket 3
Sent 96 bytes
Waiting to receive daemon info.
96 bytes received from HIP daemon.
User message was sent successfully to the HIP daemon.
$ hipconf daemon get ha all
Sending user message 22 to HIPD on socket 3
Sent 40 bytes
Waiting to receive daemon info.
456 bytes received from HIP daemon.
HA is ESTABLISHED
Shotgun mode is off.
Broadcast mode is off.
Local HIT: 2001:0019:11ac:e3af:2367:11a4:__1a36:36ec
Peer HIT: 2001:001b:a9be:c6a6:34e5:8361:__c07f:a990
Local LSI: 1.0.0.1
Peer LSI: 1.0.0.100
Local IP: 192.168.1.127
Local NAT traversal UDP port: 10500
Peer IP: 193.167.187.134
Peer NAT traversal UDP port: 10500
Peer hostname: crossroads.infrahip.net
<http://crossroads.infrahip.net>
Peer has granted us rendezvous service
^^^^^^^^^^
HA is ESTABLISHED
On 10/20/2013 01:43 AM, Paola Venuso wrote:
Hi Miika,
thank you for re-enabling the service. I tried the connection
with IPv4
and as you expected it didn't work.
To priorize the IPv6 addresses I edited gai.conf file
uncommenting the
lines:
label ::1/128 0
label ::/0 1
label 2002::/16 2
label ::/96 3
label ::ffff:0:0/96 4
label fec0::/10 5
label fc00::/7 6
I tested IPv6 visiting ipv6-test.com <http://ipv6-test.com>
<http://ipv6-test.com> that gave me
this result:
When both protocols are available, your browser uses
IPv6
Your internet connection is IPv6 capable
2001:0:53aa:64c:807:6e66:a269:__1d27^ [?
<http://db-ip.com/2001%3A0%__3A53aa%3A64c%3A807%3A6e66%__3Aa269%3A1d27
<http://db-ip.com/2001%3A0%3A53aa%3A64c%3A807%3A6e66%3Aa269%3A1d27>>]
Address type is
Teredo <http://wikipedia.org/wiki/__Teredo_tunneling
<http://wikipedia.org/wiki/Teredo_tunneling>>
Tunneling from *93.150.226.216:37273
<http://93.150.226.216:37273> <http://93.150.226.216:37273>*
(server *83.170.6.76*)
So I guess this part is ok.
Then I registered to crossroads using its IPv6 address and
tried nc6
connection from the initiator. Previously at the initiator I
edited
/etc/hosts (in wich I included IPv6 address of crossroads and the
responder hostname) and /etc/hip/hosts (in wich I included HIT
and
hostname of the responder) and also restarted both machines.
But the
initiator couldn't reach the responder.
Did I do something wrong?
Thanks,
Paola
2013/10/19 Miika Komu <mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
<mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>>
Hi Paola,
I have re-enabled RVS functionality in crossroads and
ashenvale now.
Please bare in mind that a IPv4-over-UDP base exchange may
not work
because your NAT may block it (Teredo may be needed).
On 10/19/2013 04:51 PM, Paola Venuso wrote:
Hi Miika,
I read on the manual that crossroads could have been
used as
rvs. This
is written above the table in which are indicated the
addresses
of the
test servers. Maybe I misunderstood what is written.
Anyway I'm installing ubuntu on another computer and
trying to
configure
the server myself.
Thanks again,
Paola
Il giorno 19/ott/2013 14:40, "Miika Komu"
<mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
<mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>
<mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
<mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>>> ha scritto:
Hi Paolo,
crossroads is not configured to act as a
rendezvous (or
relay). You
should deploy and install your own rendezvous
server. When
you have
done so, you will see some additional registration
information in
hipconf output at the responder and then also the
initiator
succeeds
with the base exchange.
On 10/18/2013 09:44 PM, Paola Venuso wrote:
Hi Miika,
I replaced Windows with Ubuntu on my PCs and
now the simple
connection
between the two hosts works perfectly! :D
But I have problems with RVS. I tried
registering with
crossoroads.infrahip.net <http://crossoroads.infrahip.net>
<http://crossoroads.infrahip.__net
<http://crossoroads.infrahip.net>>
<http://crossoroads.infrahip.____net
<http://crossoroads.infrahip.__net
<http://crossoroads.infrahip.net>>>
<http://crossoroads.infrahip.______net
<http://crossoroads.infrahip.____net
<http://crossoroads.infrahip.__net
<http://crossoroads.infrahip.net>>>> and then
started the connection (using different
configuration).
Only I1
packet
was sent. I stopped the connection and run
"hipconf
daemon get
ha all".
At the responder I had this output:
paola@ProBook:~$ hipconf daemon get ha all
Sending user message 22 to HIPD on socket 3
Sent 40 bytes
Waiting to receive daemon info.
240 bytes received from HIP daemon.
HA is ESTABLISHED
Shotgun mode is off.
Broadcast mode is off.
Local HIT:
2001:0018:66b5:52d3:e479:7810:______8446:133b
Peer HIT:
2001:001b:a9be:c6a6:34e5:8361:______c07f:a990
Local LSI: 1.0.0.1
Peer LSI: 1.0.0.2
Local IP: 192.168.1.210
Local NAT traversal UDP port: 10500
Peer IP: 193.167.187.134
Peer NAT traversal UDP port: 10500
Peer hostname: crossroads.infrahip.net
<http://crossroads.infrahip.net>
<http://crossroads.infrahip.__net
<http://crossroads.infrahip.net>>
<http://crossroads.infrahip.____net
<http://crossroads.infrahip.__net
<http://crossroads.infrahip.net>>>
<http://crossroads.infrahip.______net
<http://crossroads.infrahip.____net
<http://crossroads.infrahip.__net
<http://crossroads.infrahip.net>>>>
While at the initiator I had this output:
paola@ProBook:~$ hipconf daemon get ha all
Sending user message 22 to HIPD on socket 3
Sent 40 bytes
Waiting to receive daemon info.
240 bytes received from HIP daemon.
HA is I1-SENT
Shotgun mode is off.
Broadcast mode is off.
Local HIT:
20011:0013:e87a:b8e4:68c8:______258b:0fb4:68b8
Peer HIT:
2001:0018:66b5:52d3:e479:7810:______8446:133b
Local LSI: 1.0.0.1
Peer LSI: 1.0.0.2
Local IP: 192.168.1.184
Local NAT traversal UDP port: 10500
Peer IP: 193.167.187.134
Peer NAT traversal UDP port: 10500
Peer hostname:
Thanks,
Paola
2013/10/17 Paola Venuso <pa.venuso@xxxxxxxxx
<mailto:pa.venuso@xxxxxxxxx>
<mailto:pa.venuso@xxxxxxxxx
<mailto:pa.venuso@xxxxxxxxx>>
<mailto:pa.venuso@xxxxxxxxx
<mailto:pa.venuso@xxxxxxxxx>
<mailto:pa.venuso@xxxxxxxxx
<mailto:pa.venuso@xxxxxxxxx>>> <mailto:pa.venuso@xxxxxxxxx
<mailto:pa.venuso@xxxxxxxxx>
<mailto:pa.venuso@xxxxxxxxx
<mailto:pa.venuso@xxxxxxxxx>>
<mailto:pa.venuso@xxxxxxxxx
<mailto:pa.venuso@xxxxxxxxx> <mailto:pa.venuso@xxxxxxxxx
<mailto:pa.venuso@xxxxxxxxx>>>>__>
Hi Miika,
the reason why I used virtual machines is
that I
couldn't
use Linux
as the host machine. But now I convinced
myself to
use it
because
this test I have to run is for the last
part of my
thesis
in which I
have to use InfraHIP implementation.
About miredo
configuration, I
have the default one (I only installed
the miredo
packet as the
manual says) .
Tonight I'm going to install Linux on my
machines
and then
to try
again the test. I hope everything would
be ok.
I'll let you
know.
Thank you for everything,
Paola
2013/10/17 Miika Komu <mkomu@xxxxxxxxx
<mailto:mkomu@xxxxxxxxx>
<mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>
<mailto:mkomu@xxxxxxxxx
<mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx
<mailto:mkomu@xxxxxxxxx>>>
<mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
<mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>
<mailto:mkomu@xxxxxxxxx
<mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx
<mailto:mkomu@xxxxxxxxx>>>>>
Hi Paola,
(returning offline discussion to
online)
my guess of the origins of your
problem is
that the
host machine
of your virtual machines is Windows,
and it
does not
allow raw
sockets, even for virtual machines.
This is
probably
the reason
why HIP-over-UDP-over-IPv4 works, but
HIP-over-IPv6
doesn't.
If you really want to do NAT
traversal with
HIP, please
consider:
1. Using Linux (or OS-X) as the host
machine
(Linux
live CD/USB
images are available)
2. Use HIP over UDP and IPv4, and
employ the relay
server as
instructed in the manual (the relay
server
requires a
public
IPv4 address)
Btw, your Teredo configuration is not
fully
functional
because I
can't reach your VMs, even though you
can reach by
yourself.
P.S. OpenHIP has some native support
for Windows.
On 10/16/2013 07:45 PM, Paola Venuso
wrote:
Hi Miika,
at the initiator:
paola2@ubuntu2:~$ lsmod|grep xfrm
xfrm_user 31160 1
xfrm_algo 14952 3
xfrm_user,esp6,esp4
xfrm6_mode_beet 12577 1
xfrm4_mode_beet 12498 1
at the responder :
paola@ubuntu:~$ lsmod|grep xfrm
xfrm_user 31160 1
xfrm_algo 14952 3
xfrm_user,esp6,esp4
xfrm6_mode_beet 12577 2
xfrm4_mode_beet 12498 2
Then I used ping6 with the server
address
and I
could reach
it. I
invoked add map command and
ping6 and
waited for
more then a
minute but
nothing happened so I stopped it:
paola@ubuntu:~$ ping6
2001:10:5403:41fe:a5df:5f02:________9680:b6d2PING
2001:10:5403:41fe:a5df:5f02:________9680:b6d2(2001:10:5403:__41fe:______a5df:5f02:9680:__b6d2)
56 data bytes
^C
---
2001:10:5403:41fe:a5df:5f02:________9680:b6d2 ping
statistics ---
222 packets transmitted, 0
received, 100%
packet
loss, time
221196ms
paola@ubuntu:~$ hipconf daemon
get ha all
Sending user message 22 to HIPD
on socket 3
Sent 40 bytes
Waiting to receive daemon info.
240 bytes received from HIP
daemon.
HA is I1-SENT
Shotgun mode is off.
Broadcast mode is off.
Local HIT:
2001:0012:421d:99a0:005d:d60f:________73b0:4407
Peer HIT:
2001:0010:5403:41fe:a5df:5f02:________9680:b6d2
Local LSI: 1.0.0.1
Peer LSI: 1.0.0.2
Local IP:
3ffe:0000:0000:0000:0000:0000:________0000:0002
Local NAT traversal UDP port: 0
Peer IP:
3ffe:0000:0000:0000:0000:0000:________0000:0001
Peer NAT traversal UDP port: 0
Peer hostname:
2013/10/16 Miika Komu
<mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
<mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>
<mailto:mkomu@xxxxxxxxx
<mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx
<mailto:mkomu@xxxxxxxxx>>>
<mailto:mkomu@xxxxxxxxx
<mailto:mkomu@xxxxxxxxx>
<mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>
<mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
<mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>>>
<mailto:mkomu@xxxxxxxxx
<mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx
<mailto:mkomu@xxxxxxxxx>>
<mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
<mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>>
<mailto:mkomu@xxxxxxxxx
<mailto:mkomu@xxxxxxxxx>
<mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>
<mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
<mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>>>>>
Hi Paola,
On 10/16/2013 12:46 PM,
Paola Venuso
wrote:
Hi Miika,
I deleted the incorrect
line with
"hipconf" and
changed the
debug mode
to "all". I'm sending
two emails
with the
output of
the debug
because
the message is too big.
What does "lsmod|grep xfrm"
give you? It
should be:
xfrm_user
35921 1
xfrm6_mode_beet
12658 7
xfrm4_mode_beet
12611 7
This is the output of
the initiator
I failed to see any
3ffe::xx/64
addresses in
the log.
Did you forget
to invoke "hipconf daemon
add map"?
Here's an example (please do
not copy
paste
blindly,
you need to
change the addresses and
interface
names):
server:
sudo ip addr add
3ffe::1/64 dev
eth0 # add
IPv6 addr
for server
client:
sudo ip addr add
3ffe::2/64 dev
eth0 # add
IPv6 addr
for client
ping6 3ffe::2 # can you
reach the
server?
sudo hipconf daemon rst
all #
reset hipd
daemon state
hipconf daemon add map
2001:15:e156:8a78:3226:dbaa:__________f2ff:ed06
3ffe::1
ping6
2001:15:e156:8a78:3226:dbaa:__________f2ff:ed06
<wait for one minute>
PING
2001:15:e156:8a78:3226:dbaa:__________f2ff:ed06(2001:15:e156:____8a78:______3226:dbaa:f2ff:____ed06)
56 data bytes
64 bytes from
2001:15:e156:8a78:3226:dbaa:__________f2ff:ed06:
icmp_seq=2
ttl=64 time=29.8 ms
64 bytes from
2001:15:e156:8a78:3226:dbaa:__________f2ff:ed06:
icmp_seq=3
ttl=64 time=47.5 ms
I'd like to see "hipconf
daemon get
ha all" output
after this.
