[hipl-users] Re: Problems with RVS

  • From: Miika Komu <mkomu@xxxxxxxxx>
  • To: hipl-users@xxxxxxxxxxxxx
  • Date: Tue, 22 Oct 2013 17:03:36 +0300

Hi Paola,

1c may have failed because responder registered with IPv6 and the initiator did the base exchange over IPv4...? This scenario is not even supposed to work :)

On 10/22/2013 04:56 PM, Paola Venuso wrote:
Hi Miika,

thank you! The solution with plain IPv6 worked perfectly and now I can
finish my work analyzing the packets.
I followed the steps from basics to advanced and these are the results:

* basics
      1a. yes
      2a. yes
      3a. no (address unreachable)
    * medium (no RVS)
      1b. yes
      2b. yes
      3b. no (address unreachable)
    * advanced (with RVS)
      1c. no (only I1 packet sent)
      2c. yes
      3c. no  (no HiP packets)





2013/10/22 Miika Komu <mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>

    Hi Paola,

    few notes about testing in general (which should be obvious from the
    discussion already). Please test incrementally (start with basics,
    then head towards more complex configurations):

        * basics
          1a. does IPv4 connectivity work?
          2a. does IPv6 local connectivity work?
          3a. does Teredo connectivity work?
        * medium (no RVS)
          1b. does direct HIP-over-IPv4 connectivity work?
          2b. does direct HIP-over-IPv6 connectivity work?
          3b. does direct HIP-over-Teredo connectivity work?
        * advanced (with RVS)
          1c. does HIP-RVS work with IPv4?
          2c. does HIP-RVS work with IPv6?
          3c. does HIP-RVS work on top of Teredo?

    There is a dependency between the test cases with the same number.
    For instance, 1c does not work if 1b does not work, and 1b cannot
    work if 1a does not work (also, Teredo fails to work when plain IPv4
    does not work). I think you haven't tried all this yet, so we
    haven't minimized the problem.

    P.S. I do have a patch for encapsulating HIP traffic over UDP when
    using IPv6 (or Teredo). If sending raw traffic over Teredo is really
    the issue, we can merge this patch, but you really show that this is
    really an issue (e.g. play with nc6 in UDP port 10500 and remember
    to stop hipd).


    On 10/22/2013 01:49 PM, Miika Komu wrote:

        Hi Paola,

        I tried rendezvous in my local network. For me, Teredo addresses
        failed
        to work, possibly because of so called NAT hairpinning problems (all
        hosts behind the same NAT), so I could not run any traffic on top of
        Teredo. So, I will show you how it works on plain IPv6.

        The hosts are:
        Initiator: 3ffe::1
        Rendezvous 3ffe::2
        Responder: 3ffe::3

        1. Enable rendezvous at rendezvous (you can also modify hipd.conf):

             sudo hipconf daemon add service rvs

        2. Register to rvs at the the responder and verify it works:

            sudo hipconf daemon add server rvs
        2001:1a:493f:a501:6481:6b4:__cfdb:6d4e 3ffe::2 11111

            hipconf daemon get ha all
              Sending user message 22 to HIPD on socket 3
              Sent 40 bytes
              Waiting to receive daemon info.
              248 bytes received from HIP daemon.
              HA is ESTABLISHED
              Shotgun mode is off.
              Broadcast mode is off.
              Local HIT: 2001:0016:8c08:9ca9:9e41:059d:__95e7:7d2f
              Peer  HIT: 2001:001a:493f:a501:6481:06b4:__cfdb:6d4e
              Local LSI: 1.0.0.1
              Peer  LSI: 1.0.0.2
              Local IP: 3ffe:0000:0000:0000:0000:0000:__0000:0003
              Local NAT traversal UDP port: 0
              Peer  IP: 3ffe:0000:0000:0000:0000:0000:__0000:0002
              Peer  NAT traversal UDP port: 0
              Peer  hostname: debian32
              Peer has granted us rendezvous service

        3. Initiate base exchange at the initiator (via rvs)

            hipconf  daemon add map
        2001:16:8c08:9ca9:9e41:059d:__95e7:7d2f 3ffe::2
            ping6 2001:16:8c08:9ca9:9e41:059d:__95e7:7d2f
            root@gaijin:~# ping6 2001:16:8c08:9ca9:9e41:059d:__95e7:7d2f
            PING
        
2001:16:8c08:9ca9:9e41:059d:__95e7:7d2f(2001:16:8c08:9ca9:__9e41:59d:95e7:7d2f)
            56 data bytes
            64 bytes from 2001:16:8c08:9ca9:9e41:59d:__95e7:7d2f:
        icmp_seq=2 ttl=64
        time=1.44 ms
            64 bytes from 2001:16:8c08:9ca9:9e41:59d:__95e7:7d2f:
        icmp_seq=3 ttl=64
        time=1.36 ms

        I was also running tcpdump at the initiator to make sure that the
        traffic goes through the rvs:

        tcpdump -n -i any proto 139 or esp
        13:20:33.356457 IP6 3ffe::1 > 3ffe::2: ip-proto-139 40
        13:20:33.397397 IP6 3ffe::3 > 3ffe::1: ip-proto-139 664
        13:20:33.417302 IP6 3ffe::1 > 3ffe::3: ip-proto-139 608
        13:20:33.462743 IP6 3ffe::3 > 3ffe::1: ip-proto-139 216
        13:20:34.351457 IP6 3ffe::1 > 3ffe::3: ESP(spi=0x94eb338c,seq=0x1),
        length 116
        13:20:34.352712 IP6 3ffe::3 > 3ffe::1: ESP(spi=0x6118aed8,seq=0x1),
        length 116
        13:20:35.352870 IP6 3ffe::1 > 3ffe::3: ESP(spi=0x94eb338c,seq=0x2),
        length 116
        13:20:35.354062 IP6 3ffe::3 > 3ffe::1: ESP(spi=0x6118aed8,seq=0x2),
        length 116

        If you observe the first the packets, you'll see that I1 packet
        goes to
        the rendezvous (size 40) (which the rendezvous forwards to
        responder).
        Then the responder replies directly back to the initiator (R1,
        size 664)
        and further communications (I2, R2, ESP) are carried without
        rendezvous
        interaction.

        P.S. Please note that observing teredo-encapsulated traffic requires
        different rules.

        On 10/21/2013 12:17 PM, Paola Venuso wrote:

            Hi Miika,

            I set up three machines and used Teredo addresses to test
            RVS service
            but it did'nt worked. I captured the traffic with wireshark
            and there
            was no HIP packets. Also  "hipconf daemon get ha all" showed
            no HAs.
            I followed the steps on the manual. Is there some particular
            configuration for the host RVS ?

            Thank you,

            Paola




            2013/10/20 Miika Komu <mkomu@xxxxxxxxx
            <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx
            <mailto:mkomu@xxxxxxxxx>>>

                 Hi Paola,

                 hmm, the infrahip.net <http://infrahip.net>
            <http://infrahip.net> network seems to have
                 some IPv6 connectivity problems at the moment (at least
            for me), so
                 I recommend that you set up three machines of your own
            (initiator,
                 rendezvous and responder). A successful registration
            looks like this:

                 $ sudo hipconf daemon add server rvs
                 2001:1b:a9be:c6a6:34e5:8361:____c07f:a990
            193.167.187.134 1111
                 Requesting 1 service for 1024 seconds (lifetime 0x90) from
                 2001:1b:a9be:c6a6:34e5:8361:____c07f:a990 193.167.187.134.
                 Sending user message 104 to HIPD on socket 3
                 Sent 96 bytes

                 Waiting to receive daemon info.
                 96 bytes received from HIP daemon.
                 User message was sent successfully to the HIP daemon.


                 $ hipconf daemon get ha all
                 Sending user message 22 to HIPD on socket 3
                 Sent 40 bytes
                 Waiting to receive daemon info.
                 456 bytes received from HIP daemon.

                 HA is ESTABLISHED
                   Shotgun mode is off.
                   Broadcast mode is off.
                   Local HIT: 2001:0019:11ac:e3af:2367:11a4:____1a36:36ec
                   Peer  HIT: 2001:001b:a9be:c6a6:34e5:8361:____c07f:a990
                   Local LSI: 1.0.0.1
                   Peer  LSI: 1.0.0.100
                   Local IP: 192.168.1.127

                   Local NAT traversal UDP port: 10500
                   Peer  IP: 193.167.187.134
                   Peer  NAT traversal UDP port: 10500
                   Peer  hostname: crossroads.infrahip.net
            <http://crossroads.infrahip.net>
                 <http://crossroads.infrahip.__net
            <http://crossroads.infrahip.net>>
                   Peer has granted us rendezvous service
                                       ^^^^^^^^^^
                 HA is ESTABLISHED



                 On 10/20/2013 01:43 AM, Paola Venuso wrote:

                     Hi Miika,

                     thank you for re-enabling the service. I tried the
            connection
                     with IPv4
                     and as you expected it didn't work.
                     To priorize the IPv6 addresses I edited gai.conf file
                     uncommenting the
                     lines:

                     label ::1/128       0
                     label ::/0          1
                     label 2002::/16     2
                     label ::/96         3
                     label ::ffff:0:0/96 4
                     label fec0::/10     5
                     label fc00::/7      6

                     I tested IPv6 visiting ipv6-test.com
            <http://ipv6-test.com> <http://ipv6-test.com>
                     <http://ipv6-test.com> that gave me

                     this result:

                     When both protocols are available, your browser uses
                     IPv6
                     Your internet connection is IPv6 capable
                     2001:0:53aa:64c:807:6e66:a269:____1d27^ [?

            
<http://db-ip.com/2001%3A0%____3A53aa%3A64c%3A807%3A6e66%____3Aa269%3A1d27
            
<http://db-ip.com/2001%3A0%__3A53aa%3A64c%3A807%3A6e66%__3Aa269%3A1d27>

            
<http://db-ip.com/2001%3A0%__3A53aa%3A64c%3A807%3A6e66%__3Aa269%3A1d27
            
<http://db-ip.com/2001%3A0%3A53aa%3A64c%3A807%3A6e66%3Aa269%3A1d27>>>]

                     Address type is
                     Teredo
            <http://wikipedia.org/wiki/____Teredo_tunneling
            <http://wikipedia.org/wiki/__Teredo_tunneling>
                     <http://wikipedia.org/wiki/__Teredo_tunneling
            <http://wikipedia.org/wiki/Teredo_tunneling>>>
                     Tunneling from *93.150.226.216:37273
            <http://93.150.226.216:37273>
                     <http://93.150.226.216:37273>
            <http://93.150.226.216:37273>*
                     (server *83.170.6.76*)


                     So I guess this part is ok.
                     Then I registered to crossroads using its IPv6
            address and
            tried nc6
                     connection from the initiator. Previously at the
            initiator  I
            edited
                     /etc/hosts (in wich I included IPv6 address of
            crossroads and the
                     responder hostname) and /etc/hip/hosts (in wich I
            included HIT
            and
                     hostname of the responder) and also restarted both
            machines.
            But the
                     initiator couldn't reach the responder.
                     Did I do something wrong?

                     Thanks,

                     Paola



                     2013/10/19 Miika Komu <mkomu@xxxxxxxxx
            <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx
            <mailto:mkomu@xxxxxxxxx>>
                     <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
            <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>>>


                          Hi Paola,

                          I have re-enabled RVS functionality in
            crossroads and
                     ashenvale now.
                          Please bare in mind that a IPv4-over-UDP base
            exchange may
                     not work
                          because your NAT may block it (Teredo may be
            needed).


                          On 10/19/2013 04:51 PM, Paola Venuso wrote:

                              Hi Miika,

                              I read on the manual that crossroads could
            have been
                     used as
                              rvs. This
                              is written above the table in which are
            indicated the
                     addresses
                              of the
                              test servers. Maybe I misunderstood what
            is written.
                              Anyway I'm installing ubuntu on another
            computer and
                     trying to
                              configure
                              the server myself.

                              Thanks again,

                              Paola

                              Il giorno 19/ott/2013 14:40, "Miika Komu"
                     <mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
            <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>
                              <mailto:mkomu@xxxxxxxxx
            <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx
            <mailto:mkomu@xxxxxxxxx>>>
                              <mailto:mkomu@xxxxxxxxx
            <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx
            <mailto:mkomu@xxxxxxxxx>>
                     <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
            <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>>>> ha scritto:



                                   Hi Paolo,

                                   crossroads is not configured to act as a
                     rendezvous (or
                              relay). You
                                   should deploy and install your own
            rendezvous
                     server. When
                              you have
                                   done so, you will see some additional
            registration
                              information in
                                   hipconf output at the responder and
            then also the
                     initiator
                              succeeds
                                   with the base exchange.

                                   On 10/18/2013 09:44 PM, Paola Venuso
            wrote:

                                       Hi Miika,

                                       I replaced Windows with Ubuntu on
            my PCs and
                     now the simple
                                       connection
                                       between the two hosts works
            perfectly! :D
                                       But I have problems with RVS. I tried
                     registering with
            crossoroads.infrahip.net <http://crossoroads.infrahip.net>
            <http://crossoroads.infrahip.__net
            <http://crossoroads.infrahip.net>>
                     <http://crossoroads.infrahip.____net
                     <http://crossoroads.infrahip.__net
            <http://crossoroads.infrahip.net>>>
                              <http://crossoroads.infrahip.______net
                              <http://crossoroads.infrahip.____net
                     <http://crossoroads.infrahip.__net
            <http://crossoroads.infrahip.net>>>>

            <http://crossoroads.infrahip.________net



            <http://crossoroads.infrahip.______net
                              <http://crossoroads.infrahip.____net
                     <http://crossoroads.infrahip.__net
            <http://crossoroads.infrahip.net>>>>> and then
                                       started the connection (using
            different
                     configuration).
                              Only I1
                                       packet
                                       was sent. I stopped the
            connection and run
                     "hipconf
                              daemon get
                                       ha all".
                                       At the responder I had this output:

                                       paola@ProBook:~$ hipconf daemon
            get ha all
                                       Sending user message 22 to HIPD
            on socket 3
                                       Sent 40 bytes
                                       Waiting to receive daemon info.
                                       240 bytes received from HIP daemon.
                                       HA is ESTABLISHED
                                          Shotgun mode is off.
                                          Broadcast mode is off.
                                          Local HIT:
                     2001:0018:66b5:52d3:e479:7810:________8446:133b
                                          Peer  HIT:
                     2001:001b:a9be:c6a6:34e5:8361:________c07f:a990


                                          Local LSI: 1.0.0.1
                                          Peer  LSI: 1.0.0.2
                                          Local IP: 192.168.1.210
                                          Local NAT traversal UDP port:
            10500
                                          Peer  IP: 193.167.187.134
                                          Peer  NAT traversal UDP port:
            10500
                                          Peer  hostname:
            crossroads.infrahip.net <http://crossroads.infrahip.net>
                     <http://crossroads.infrahip.__net
            <http://crossroads.infrahip.net>>
                              <http://crossroads.infrahip.____net
                     <http://crossroads.infrahip.__net
            <http://crossroads.infrahip.net>>>
                                       <http://crossroads.infrahip.______net
                              <http://crossroads.infrahip.____net
                     <http://crossroads.infrahip.__net
            <http://crossroads.infrahip.net>>>>

            <http://crossroads.infrahip.________net

                              <http://crossroads.infrahip.______net
                     <http://crossroads.infrahip.____net
                     <http://crossroads.infrahip.__net
            <http://crossroads.infrahip.net>>>>>



                                       While at the initiator I had this
            output:

                                       paola@ProBook:~$ hipconf daemon
            get ha all
                                       Sending user message 22 to HIPD
            on socket 3
                                       Sent 40 bytes
                                       Waiting to receive daemon info.
                                       240 bytes received from HIP daemon.
                                       HA is I1-SENT
                                          Shotgun mode is off.
                                          Broadcast mode is off.
                                          Local HIT:
                     20011:0013:e87a:b8e4:68c8:________258b:0fb4:68b8
                                          Peer  HIT:
                     2001:0018:66b5:52d3:e479:7810:________8446:133b


                                          Local LSI: 1.0.0.1
                                          Peer  LSI: 1.0.0.2
                                          Local IP: 192.168.1.184
                                          Local NAT traversal UDP port:
            10500
                                          Peer  IP: 193.167.187.134
                                          Peer  NAT traversal UDP port:
            10500
                                          Peer  hostname:

                                       Thanks,

                                       Paola


                                       2013/10/17 Paola Venuso
            <pa.venuso@xxxxxxxxx <mailto:pa.venuso@xxxxxxxxx>
                     <mailto:pa.venuso@xxxxxxxxx
            <mailto:pa.venuso@xxxxxxxxx>>
                              <mailto:pa.venuso@xxxxxxxxx
            <mailto:pa.venuso@xxxxxxxxx>
            <mailto:pa.venuso@xxxxxxxxx <mailto:pa.venuso@xxxxxxxxx>>>
                                       <mailto:pa.venuso@xxxxxxxxx
            <mailto:pa.venuso@xxxxxxxxx>
                     <mailto:pa.venuso@xxxxxxxxx
            <mailto:pa.venuso@xxxxxxxxx>>
                              <mailto:pa.venuso@xxxxxxxxx
            <mailto:pa.venuso@xxxxxxxxx>
                     <mailto:pa.venuso@xxxxxxxxx
            <mailto:pa.venuso@xxxxxxxxx>>>> <mailto:pa.venuso@xxxxxxxxx
            <mailto:pa.venuso@xxxxxxxxx>
                     <mailto:pa.venuso@xxxxxxxxx
            <mailto:pa.venuso@xxxxxxxxx>>
                              <mailto:pa.venuso@xxxxxxxxx
            <mailto:pa.venuso@xxxxxxxxx>
            <mailto:pa.venuso@xxxxxxxxx <mailto:pa.venuso@xxxxxxxxx>>>

                                       <mailto:pa.venuso@xxxxxxxxx
            <mailto:pa.venuso@xxxxxxxxx>
                     <mailto:pa.venuso@xxxxxxxxx
            <mailto:pa.venuso@xxxxxxxxx>> <mailto:pa.venuso@xxxxxxxxx
            <mailto:pa.venuso@xxxxxxxxx>
                     <mailto:pa.venuso@xxxxxxxxx
            <mailto:pa.venuso@xxxxxxxxx>>>>__>__>


                                            Hi Miika,

                                            the reason why I used
            virtual machines is
                     that I
                              couldn't
                                       use Linux
                                            as the host machine. But now
            I convinced
                     myself to
                              use it
                                       because
                                            this test I have to run is
            for the last
                     part of my
                              thesis
                                       in which I
                                            have to use InfraHIP
            implementation.
                     About miredo
                                       configuration, I
                                            have the default one (I only
            installed
                     the miredo
                              packet as the
                                            manual says) .
                                            Tonight I'm going to install
            Linux on my
                     machines
                              and then
                                       to try
                                            again the test. I hope
            everything would
                     be ok.
                              I'll let you
                                       know.

                                            Thank you for everything,

                                            Paola


                                            2013/10/17 Miika Komu
            <mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
                     <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>
                              <mailto:mkomu@xxxxxxxxx
            <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx
            <mailto:mkomu@xxxxxxxxx>>>
                                       <mailto:mkomu@xxxxxxxxx
            <mailto:mkomu@xxxxxxxxx>
                     <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>
            <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
                     <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>>>
                              <mailto:mkomu@xxxxxxxxx
            <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx
            <mailto:mkomu@xxxxxxxxx>>
                     <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
            <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>>
                                       <mailto:mkomu@xxxxxxxxx
            <mailto:mkomu@xxxxxxxxx>
                     <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>
            <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
                     <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>>>>>

                                                Hi Paola,

                                                (returning offline
            discussion to
            online)

                                                my guess of the origins
            of your
                     problem is
                              that the
                                       host machine
                                                of your virtual machines
            is Windows,
                     and it
                              does not
                                       allow raw
                                                sockets, even for
            virtual machines.
                     This is
                              probably
                                       the reason
                                                why
            HIP-over-UDP-over-IPv4 works, but
                              HIP-over-IPv6
                                       doesn't.

                                                If you really want to do NAT
                     traversal with
                              HIP, please
                                       consider:

                                                1. Using Linux (or OS-X)
            as the host
                     machine
                              (Linux
                                       live CD/USB
                                                images are available)
                                                2. Use HIP over UDP and
            IPv4, and
                     employ the relay
                                       server as
                                                instructed in the manual
            (the relay
                     server
                              requires a
                                       public
                                                IPv4 address)

                                                Btw, your Teredo
            configuration is not
                     fully
                              functional
                                       because I
                                                can't reach your VMs,
            even though you
                     can reach by
                                       yourself.

                                                P.S. OpenHIP has some
            native support
                     for Windows.


                                                On 10/16/2013 07:45 PM,
            Paola Venuso
                     wrote:

                                                    Hi Miika,


                                                    at the initiator:

                                                    paola2@ubuntu2:~$
            lsmod|grep xfrm
                                                    xfrm_user
                31160  1
                                                    xfrm_algo
                14952  3
                              xfrm_user,esp6,esp4
                                                    xfrm6_mode_beet
                12577  1
                                                    xfrm4_mode_beet
                12498  1



                                                    at the responder :

                                                    paola@ubuntu:~$
            lsmod|grep xfrm
                                                    xfrm_user
                31160  1
                                                    xfrm_algo
                14952  3
                              xfrm_user,esp6,esp4
                                                    xfrm6_mode_beet
                12577  2
                                                    xfrm4_mode_beet
                12498  2


                                                    Then I used ping6
            with the server
                     address
                              and I
                                       could reach
                                                    it. I
                                                    invoked add map
            command and
            ping6 and
                              waited for
                                       more then a
                                                    minute but
                                                    nothing happened so
            I stopped it:

                                                    paola@ubuntu:~$ ping6


              2001:10:5403:41fe:a5df:5f02:__________9680:b6d2PING




            
2001:10:5403:41fe:a5df:5f02:__________9680:b6d2(2001:10:5403:____41fe:______a5df:5f02:9680:____b6d2)


                                                    56 data bytes
                                                    ^C
                                                    ---

              2001:10:5403:41fe:a5df:5f02:__________9680:b6d2 ping


                                       statistics ---
                                                    222 packets
            transmitted, 0
                     received, 100%
                              packet
                                       loss, time
                                                    221196ms

                                                    paola@ubuntu:~$
            hipconf daemon
                     get ha all
                                                    Sending user message
            22 to HIPD
                     on socket 3
                                                    Sent 40 bytes
                                                    Waiting to receive
            daemon info.
                                                    240 bytes received
            from HIP
            daemon.
                                                    HA is I1-SENT
                                                       Shotgun mode is off.
                                                       Broadcast mode is
            off.
                                                       Local HIT:

            2001:0012:421d:99a0:005d:d60f:__________73b0:4407
                                                       Peer  HIT:

            2001:0010:5403:41fe:a5df:5f02:__________9680:b6d2


                                                       Local LSI: 1.0.0.1
                                                       Peer  LSI: 1.0.0.2
                                                       Local IP:

            3ffe:0000:0000:0000:0000:0000:__________0000:0002


                                                       Local NAT
            traversal UDP port: 0
                                                       Peer  IP:

            3ffe:0000:0000:0000:0000:0000:__________0000:0001


                                                       Peer  NAT
            traversal UDP port: 0
                                                       Peer  hostname:






                                                    2013/10/16 Miika Komu
                     <mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
            <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>
                              <mailto:mkomu@xxxxxxxxx
            <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx
            <mailto:mkomu@xxxxxxxxx>>>
                                       <mailto:mkomu@xxxxxxxxx
            <mailto:mkomu@xxxxxxxxx>
                     <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>
            <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
                     <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>>>

              <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
                     <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>
                              <mailto:mkomu@xxxxxxxxx
            <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx
            <mailto:mkomu@xxxxxxxxx>>>
                     <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
            <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>
                              <mailto:mkomu@xxxxxxxxx
            <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx
            <mailto:mkomu@xxxxxxxxx>>>>>
                                       <mailto:mkomu@xxxxxxxxx
            <mailto:mkomu@xxxxxxxxx>
                     <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>
            <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
                     <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>>
                              <mailto:mkomu@xxxxxxxxx
            <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx
            <mailto:mkomu@xxxxxxxxx>>
                     <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
            <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>>>

              <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
                     <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>
                              <mailto:mkomu@xxxxxxxxx
            <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx
            <mailto:mkomu@xxxxxxxxx>>>
                     <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
            <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>
                              <mailto:mkomu@xxxxxxxxx
            <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx
            <mailto:mkomu@xxxxxxxxx>>>>>>>



                                                         Hi Paola,


                                                         On 10/16/2013
            12:46 PM,
                     Paola Venuso
                              wrote:

                                                             Hi Miika,

                                                             I deleted
            the incorrect
                     line with
                                       "hipconf" and
                                                    changed the
                                                             debug mode
                                                             to "all".
            I'm sending
                     two emails
                              with the
                                       output of
                                                    the debug
                                                             because
                                                             the message
            is too big.


                                                         What does
            "lsmod|grep xfrm"
                     give you? It
                                       should be:
                                                         xfrm_user
            35921  1
                                                         xfrm6_mode_beet
            12658  7
                                                         xfrm4_mode_beet
            12611  7


                                                             This is the
            output of
                     the initiator


                                                         I failed to see any
            3ffe::xx/64
                              addresses in
                                       the log.
                                                    Did you forget
                                                         to invoke
            "hipconf daemon
                     add map"?

                                                         Here's an
            example (please do
                     not copy
                              paste
                                       blindly,
                                                    you need to
                                                         change the
            addresses and
                     interface
                              names):

                                                         server:
                                                            sudo ip addr add
                     3ffe::1/64 dev
                              eth0 # add
                                       IPv6 addr
                                                    for server

                                                         client:
                                                            sudo ip addr add
                     3ffe::2/64 dev
                              eth0 # add
                                       IPv6 addr
                                                    for client
                                                            ping6
            3ffe::2 # can you
                     reach the
                              server?
                                                            sudo hipconf
            daemon rst
            all #
                              reset hipd
                                       daemon state
                                                            hipconf
            daemon add map

                     2001:15:e156:8a78:3226:dbaa:____________f2ff:ed06
                                                         3ffe::1
                                                            ping6

            2001:15:e156:8a78:3226:dbaa:____________f2ff:ed06



                                                            <wait for
            one minute>
                                                            PING





            
2001:15:e156:8a78:3226:dbaa:____________f2ff:ed06(2001:15:__e156:____8a78:______3226:dbaa:__f2ff:____ed06)



                                                         56 data bytes
                                                         64 bytes from


              2001:15:e156:8a78:3226:dbaa:____________f2ff:ed06:
                     icmp_seq=2


                                                         ttl=64 time=29.8 ms
                                                         64 bytes from


              2001:15:e156:8a78:3226:dbaa:____________f2ff:ed06:
                     icmp_seq=3



                                                         ttl=64 time=47.5 ms

                                                         I'd like to see
            "hipconf
                     daemon get
                              ha all" output
                                                    after this.





















Other related posts: