Hi Paola,

few notes about testing in general (which should be obvious from the discussion already). Please test incrementally (start with basics, then head towards more complex configurations):

* basics
  1a. does IPv4 connectivity work?
  2a. does IPv6 local connectivity work?
  3a. does Teredo connectivity work?
* medium (no RVS)
  1b. does direct HIP-over-IPv4 connectivity work?
  2b. does direct HIP-over-IPv6 connectivity work?
  3b. does direct HIP-over-Teredo connectivity work?
* advanced (with RVS)
  1c. does HIP-RVS work with IPv4?
  2c. does HIP-RVS work with IPv6?
  3c. does HIP-RVS work on top of Teredo?

There is a dependency between the test cases with the same number. For instance, 1c does not work if 1b does not work, and 1b cannot work if 1a does not work (also, Teredo fails to work when plain IPv4 does not work). I think you haven't tried all this yet, so we haven't minimized the problem.

P.S. I do have a patch for encapsulating HIP traffic over UDP when using IPv6 (or Teredo). If sending raw traffic over Teredo is really the issue, we can merge this patch, but you really show that this is really an issue (e.g. play with nc6 in UDP port 10500 and remember to stop hipd).

On 10/22/2013 01:49 PM, Miika Komu wrote:

Hi Paola,

I tried rendezvous in my local network. For me, Teredo addresses failed to work, possibly because of so called NAT hairpinning problems (all hosts behind the same NAT), so I could not run any traffic on top of Teredo. So, I will show you how it works on plain IPv6. The hosts are:

    Initiator:  3ffe::1
    Rendezvous: 3ffe::2
    Responder:  3ffe::3

1. Enable rendezvous at rendezvous (you can also modify hipd.conf):

    sudo hipconf daemon add service rvs

2. Register to rvs at the responder and verify it works:

    sudo hipconf daemon add server rvs 2001:1a:493f:a501:6481:6b4:cfdb:6d4e 3ffe::2 11111

    hipconf daemon get ha all
    Sending user message 22 to HIPD on socket 3
    Sent 40 bytes
    Waiting to receive daemon info.
    248 bytes received from HIP daemon.
    HA is ESTABLISHED
    Shotgun mode is off.
    Broadcast mode is off.
    Local HIT: 2001:0016:8c08:9ca9:9e41:059d:95e7:7d2f
    Peer HIT: 2001:001a:493f:a501:6481:06b4:cfdb:6d4e
    Local LSI: 1.0.0.1
    Peer LSI: 1.0.0.2
    Local IP: 3ffe:0000:0000:0000:0000:0000:0000:0003
    Local NAT traversal UDP port: 0
    Peer IP: 3ffe:0000:0000:0000:0000:0000:0000:0002
    Peer NAT traversal UDP port: 0
    Peer hostname: debian32
    Peer has granted us rendezvous service

3. Initiate base exchange at the initiator (via rvs)

    hipconf daemon add map 2001:16:8c08:9ca9:9e41:059d:95e7:7d2f 3ffe::2
    ping6 2001:16:8c08:9ca9:9e41:059d:95e7:7d2f

    root@gaijin:~# ping6 2001:16:8c08:9ca9:9e41:059d:95e7:7d2f
    PING 2001:16:8c08:9ca9:9e41:059d:95e7:7d2f(2001:16:8c08:9ca9:9e41:59d:95e7:7d2f) 56 data bytes
    64 bytes from 2001:16:8c08:9ca9:9e41:59d:95e7:7d2f: icmp_seq=2 ttl=64 time=1.44 ms
    64 bytes from 2001:16:8c08:9ca9:9e41:59d:95e7:7d2f: icmp_seq=3 ttl=64 time=1.36 ms

I was also running tcpdump at the initiator to make sure that the traffic goes through the rvs:

    tcpdump -n -i any proto 139 or esp
    13:20:33.356457 IP6 3ffe::1 > 3ffe::2: ip-proto-139 40
    13:20:33.397397 IP6 3ffe::3 > 3ffe::1: ip-proto-139 664
    13:20:33.417302 IP6 3ffe::1 > 3ffe::3: ip-proto-139 608
    13:20:33.462743 IP6 3ffe::3 > 3ffe::1: ip-proto-139 216
    13:20:34.351457 IP6 3ffe::1 > 3ffe::3: ESP(spi=0x94eb338c,seq=0x1), length 116
    13:20:34.352712 IP6 3ffe::3 > 3ffe::1: ESP(spi=0x6118aed8,seq=0x1), length 116
    13:20:35.352870 IP6 3ffe::1 > 3ffe::3: ESP(spi=0x94eb338c,seq=0x2), length 116
    13:20:35.354062 IP6 3ffe::3 > 3ffe::1: ESP(spi=0x6118aed8,seq=0x2), length 116

If you observe the first packets, you'll see that I1 packet goes to the rendezvous (size 40) (which the rendezvous forwards to responder). Then the responder replies directly back to the initiator (R1, size 664) and further communications (I2, R2, ESP) are carried without rendezvous interaction.

P.S. Please note that observing teredo-encapsulated traffic requires different rules.

On 10/21/2013 12:17 PM, Paola Venuso wrote:

Hi Miika,

I set up three machines and used Teredo addresses to test RVS service but it didn't work. I captured the traffic with wireshark and there were no HIP packets. Also "hipconf daemon get ha all" showed no HAs. I followed the steps on the manual. Is there some particular configuration for the host RVS?

Thank you,
Paola

2013/10/20 Miika Komu <mkomu@xxxxxxxxx>

Hi Paola,

hmm, the infrahip.net network seems to have some IPv6 connectivity problems at the moment (at least for me), so I recommend that you set up three machines of your own (initiator, rendezvous and responder). A successful registration looks like this:

    $ sudo hipconf daemon add server rvs 2001:1b:a9be:c6a6:34e5:8361:c07f:a990 193.167.187.134 1111
    Requesting 1 service for 1024 seconds (lifetime 0x90) from 2001:1b:a9be:c6a6:34e5:8361:c07f:a990 193.167.187.134.
    Sending user message 104 to HIPD on socket 3
    Sent 96 bytes
    Waiting to receive daemon info.
    96 bytes received from HIP daemon.
    User message was sent successfully to the HIP daemon.

    $ hipconf daemon get ha all
    Sending user message 22 to HIPD on socket 3
    Sent 40 bytes
    Waiting to receive daemon info.
    456 bytes received from HIP daemon.
    HA is ESTABLISHED
    Shotgun mode is off.
    Broadcast mode is off.
    Local HIT: 2001:0019:11ac:e3af:2367:11a4:1a36:36ec
    Peer HIT: 2001:001b:a9be:c6a6:34e5:8361:c07f:a990
    Local LSI: 1.0.0.1
    Peer LSI: 1.0.0.100
    Local IP: 192.168.1.127
    Local NAT traversal UDP port: 10500
    Peer IP: 193.167.187.134
    Peer NAT traversal UDP port: 10500
    Peer hostname: crossroads.infrahip.net
    Peer has granted us rendezvous service
    ^^^^^^^^^^
    HA is ESTABLISHED

On 10/20/2013 01:43 AM, Paola Venuso wrote:

Hi Miika,

thank you for re-enabling the service. I tried the connection with IPv4 and as you expected it didn't work. To prioritize the IPv6 addresses I edited gai.conf file uncommenting the lines:

    label ::1/128 0
    label ::/0 1
    label 2002::/16 2
    label ::/96 3
    label ::ffff:0:0/96 4
    label fec0::/10 5
    label fc00::/7 6

I tested IPv6 visiting ipv6-test.com that gave me this result:

    When both protocols are available, your browser uses IPv6
    Your internet connection is IPv6 capable
    2001:0:53aa:64c:807:6e66:a269:1d27
    Address type is Teredo
    Tunneling from *93.150.226.216:37273* (server *83.170.6.76*)

So I guess this part is ok. Then I registered to crossroads using its IPv6 address and tried nc6 connection from the initiator. Previously at the initiator I edited /etc/hosts (in which I included IPv6 address of crossroads and the responder hostname) and /etc/hip/hosts (in which I included HIT and hostname of the responder) and also restarted both machines. But the initiator couldn't reach the responder. Did I do something wrong?

Thanks,
Paola

2013/10/19 Miika Komu <mkomu@xxxxxxxxx>

Hi Paola,

I have re-enabled RVS functionality in crossroads and ashenvale now. Please bear in mind that an IPv4-over-UDP base exchange may not work because your NAT may block it (Teredo may be needed).

On 10/19/2013 04:51 PM, Paola Venuso wrote:

Hi Miika,

I read on the manual that crossroads could have been used as rvs. This is written above the table in which are indicated the addresses of the test servers. Maybe I misunderstood what is written. Anyway I'm installing ubuntu on another computer and trying to configure the server myself.

Thanks again,
Paola

On 19 Oct 2013 14:40, "Miika Komu" <mkomu@xxxxxxxxx> wrote:

Hi Paola,

crossroads is not configured to act as a rendezvous (or relay). You should deploy and install your own rendezvous server. When you have done so, you will see some additional registration information in hipconf output at the responder and then also the initiator succeeds with the base exchange.

On 10/18/2013 09:44 PM, Paola Venuso wrote:

Hi Miika,

I replaced Windows with Ubuntu on my PCs and now the simple connection between the two hosts works perfectly! :D But I have problems with RVS. I tried registering with crossoroads.infrahip.net and then started the connection (using different configuration). Only I1 packet was sent. I stopped the connection and ran "hipconf daemon get ha all". At the responder I had this output:

    paola@ProBook:~$ hipconf daemon get ha all
    Sending user message 22 to HIPD on socket 3
    Sent 40 bytes
    Waiting to receive daemon info.
    240 bytes received from HIP daemon.
    HA is ESTABLISHED
    Shotgun mode is off.
    Broadcast mode is off.
    Local HIT: 2001:0018:66b5:52d3:e479:7810:8446:133b
    Peer HIT: 2001:001b:a9be:c6a6:34e5:8361:c07f:a990
    Local LSI: 1.0.0.1
    Peer LSI: 1.0.0.2
    Local IP: 192.168.1.210
    Local NAT traversal UDP port: 10500
    Peer IP: 193.167.187.134
    Peer NAT traversal UDP port: 10500
    Peer hostname: crossroads.infrahip.net

While at the initiator I had this output:

    paola@ProBook:~$ hipconf daemon get ha all
    Sending user message 22 to HIPD on socket 3
    Sent 40 bytes
    Waiting to receive daemon info.
    240 bytes received from HIP daemon.
    HA is I1-SENT
    Shotgun mode is off.
    Broadcast mode is off.
    Local HIT: 20011:0013:e87a:b8e4:68c8:258b:0fb4:68b8
    Peer HIT: 2001:0018:66b5:52d3:e479:7810:8446:133b
    Local LSI: 1.0.0.1
    Peer LSI: 1.0.0.2
    Local IP: 192.168.1.184
    Local NAT traversal UDP port: 10500
    Peer IP: 193.167.187.134
    Peer NAT traversal UDP port: 10500
    Peer hostname:

Thanks,
Paola

2013/10/17 Paola Venuso <pa.venuso@xxxxxxxxx>

Hi Miika,

the reason why I used virtual machines is that I couldn't use Linux as the host machine. But now I convinced myself to use it because this test I have to run is for the last part of my thesis in which I have to use InfraHIP implementation. About miredo configuration, I have the default one (I only installed the miredo packet as the manual says). Tonight I'm going to install Linux on my machines and then to try again the test. I hope everything would be ok. I'll let you know.

Thank you for everything,
Paola

2013/10/17 Miika Komu <mkomu@xxxxxxxxx>

Hi Paola,

(returning offline discussion to online)

my guess of the origins of your problem is that the host machine of your virtual machines is Windows, and it does not allow raw sockets, even for virtual machines. This is probably the reason why HIP-over-UDP-over-IPv4 works, but HIP-over-IPv6 doesn't.

If you really want to do NAT traversal with HIP, please consider:

1. Using Linux (or OS-X) as the host machine (Linux live CD/USB images are available)
2. Use HIP over UDP and IPv4, and employ the relay server as instructed in the manual (the relay server requires a public IPv4 address)

Btw, your Teredo configuration is not fully functional because I can't reach your VMs, even though you can reach by yourself.

P.S. OpenHIP has some native support for Windows.

On 10/16/2013 07:45 PM, Paola Venuso wrote:

Hi Miika,

at the initiator:

    paola2@ubuntu2:~$ lsmod|grep xfrm
    xfrm_user 31160 1
    xfrm_algo 14952 3 xfrm_user,esp6,esp4
    xfrm6_mode_beet 12577 1
    xfrm4_mode_beet 12498 1

at the responder:

    paola@ubuntu:~$ lsmod|grep xfrm
    xfrm_user 31160 1
    xfrm_algo 14952 3 xfrm_user,esp6,esp4
    xfrm6_mode_beet 12577 2
    xfrm4_mode_beet 12498 2

Then I used ping6 with the server address and I could reach it. I invoked add map command and ping6 and waited for more than a minute but nothing happened so I stopped it:

    paola@ubuntu:~$ ping6 2001:10:5403:41fe:a5df:5f02:9680:b6d2
    PING 2001:10:5403:41fe:a5df:5f02:9680:b6d2(2001:10:5403:41fe:a5df:5f02:9680:b6d2) 56 data bytes
    ^C
    --- 2001:10:5403:41fe:a5df:5f02:9680:b6d2 ping statistics ---
    222 packets transmitted, 0 received, 100% packet loss, time 221196ms

    paola@ubuntu:~$ hipconf daemon get ha all
    Sending user message 22 to HIPD on socket 3
    Sent 40 bytes
    Waiting to receive daemon info.
    240 bytes received from HIP daemon.
    HA is I1-SENT
    Shotgun mode is off.
    Broadcast mode is off.
    Local HIT: 2001:0012:421d:99a0:005d:d60f:73b0:4407
    Peer HIT: 2001:0010:5403:41fe:a5df:5f02:9680:b6d2
    Local LSI: 1.0.0.1
    Peer LSI: 1.0.0.2
    Local IP: 3ffe:0000:0000:0000:0000:0000:0000:0002
    Local NAT traversal UDP port: 0
    Peer IP: 3ffe:0000:0000:0000:0000:0000:0000:0001
    Peer NAT traversal UDP port: 0
    Peer hostname:

2013/10/16 Miika Komu <mkomu@xxxxxxxxx>

Hi Paola,

On 10/16/2013 12:46 PM, Paola Venuso wrote:

Hi Miika,

I deleted the incorrect line with "hipconf" and changed the debug mode to "all". I'm sending two emails with the output of the debug because the message is too big.

What does "lsmod|grep xfrm" give you? It should be:

    xfrm_user 35921 1
    xfrm6_mode_beet 12658 7
    xfrm4_mode_beet 12611 7

This is the output of the initiator

I failed to see any 3ffe::xx/64 addresses in the log. Did you forget to invoke "hipconf daemon add map"? Here's an example (please do not copy paste blindly, you need to change the addresses and interface names):

    server:
    sudo ip addr add 3ffe::1/64 dev eth0 # add IPv6 addr for server

    client:
    sudo ip addr add 3ffe::2/64 dev eth0 # add IPv6 addr for client
    ping6 3ffe::2 # can you reach the server?
    sudo hipconf daemon rst all # reset hipd daemon state
    hipconf daemon add map 2001:15:e156:8a78:3226:dbaa:f2ff:ed06 3ffe::1
    ping6 2001:15:e156:8a78:3226:dbaa:f2ff:ed06
    <wait for one minute>
    PING 2001:15:e156:8a78:3226:dbaa:f2ff:ed06(2001:15:e156:8a78:3226:dbaa:f2ff:ed06) 56 data bytes
    64 bytes from 2001:15:e156:8a78:3226:dbaa:f2ff:ed06: icmp_seq=2 ttl=64 time=29.8 ms
    64 bytes from 2001:15:e156:8a78:3226:dbaa:f2ff:ed06: icmp_seq=3 ttl=64 time=47.5 ms

I'd like to see "hipconf daemon get ha all" output after this.
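
Added example (not part of the original thread and not InfraHIP code): a Python check of the tcpdump capture quoted in the 10/22 message, confirming that only I1 is addressed to the rendezvous server while R1, I2, R2 and ESP flow directly between initiator and responder. It assumes no retransmissions, so the first four protocol-139 packets are taken as I1, R1, I2, R2, and it compares addresses as tcpdump prints them; the name `check_rvs_path` is illustrative.

```python
import re

# Matches the two line shapes in the capture: HIP control packets
# (IP protocol 139) and ESP data packets.
LINE = re.compile(r"^\S+ IP6 (?P<src>\S+) > (?P<dst>\S+): (?P<kind>ip-proto-139|ESP)")

# Capture lines copied from the thread: initiator 3ffe::1,
# rendezvous 3ffe::2, responder 3ffe::3.
CAPTURE = """\
13:20:33.356457 IP6 3ffe::1 > 3ffe::2: ip-proto-139 40
13:20:33.397397 IP6 3ffe::3 > 3ffe::1: ip-proto-139 664
13:20:33.417302 IP6 3ffe::1 > 3ffe::3: ip-proto-139 608
13:20:33.462743 IP6 3ffe::3 > 3ffe::1: ip-proto-139 216
13:20:34.351457 IP6 3ffe::1 > 3ffe::3: ESP(spi=0x94eb338c,seq=0x1), length 116
13:20:34.352712 IP6 3ffe::3 > 3ffe::1: ESP(spi=0x6118aed8,seq=0x1), length 116
"""

def check_rvs_path(capture, initiator, rvs, responder):
    """Return (exchange, problems) for a tcpdump text capture."""
    hip, esp = [], []
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if m:
            flow = (m["src"], m["dst"])
            (hip if m["kind"] == "ip-proto-139" else esp).append(flow)
    # Assumption: no retransmissions, so control packets arrive as I1, R1, I2, R2.
    expected = {
        "I1": (initiator, rvs),        # only I1 is addressed to the rendezvous
        "R1": (responder, initiator),  # the reply bypasses the rendezvous
        "I2": (initiator, responder),
        "R2": (responder, initiator),
    }
    exchange = dict(zip(expected, hip))
    problems = [
        f"{name}: expected {flow}, saw {exchange.get(name)}"
        for name, flow in expected.items()
        if exchange.get(name) != flow
    ]
    if not esp:
        problems.append("no ESP packets: the base exchange did not complete")
    elif any(rvs in flow for flow in esp):
        problems.append("ESP traffic is passing through the rendezvous server")
    return exchange, problems

if __name__ == "__main__":
    exchange, problems = check_rvs_path(CAPTURE, "3ffe::1", "3ffe::2", "3ffe::3")
    print(exchange)
    print(problems or "path matches the rendezvous pattern described in the thread")
```

A capture that stops after the first line, which is what an initiator stuck in I1-SENT would show, is reported as three missing control packets plus missing ESP.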