[hipl-users] Re: Problems with RVS

  • From: Paola Venuso <pa.venuso@xxxxxxxxx>
  • To: hipl-users@xxxxxxxxxxxxx
  • Date: Tue, 22 Oct 2013 16:07:09 +0200

Hi Miika,

I don't know why it failed but I registered with IPv4, I'm sure :)
Il giorno 22/ott/2013 16:03, "Miika Komu" <mkomu@xxxxxxxxx> ha scritto:

> Hi Paola,
>
> 1c may have failed because responder registered with IPv6 and the
> initiator did the base exchange over IPv4...? This scenario is not even
> supposed to work :)
>
> On 10/22/2013 04:56 PM, Paola Venuso wrote:
>
>> Hi Miika,
>>
>> thank you! The solution with plain IPv6 worked perfectly and now I can
>> finish my work analyzing the packets.
>> I followed the steps from basics to advanced and these are the results:
>>
>> * basics
>>       1a. yes
>>       2a. yes
>>       3a. no (address unreachable)
>>     * medium (no RVS)
>>       1b. yes
>>       2b. yes
>>       3b. no (address unreachable)
>>     * advanced (with RVS)
>>       1c. no (only I1 packet sent)
>>       2c. yes
>>       3c. no  (no HiP packets)
>>
>>
>>
>>
>>
>> 2013/10/22 Miika Komu <mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>
>>
>>     Hi Paola,
>>
>>     few notes about testing in general (which should be obvious from the
>>     discussion already). Please test incrementally (start with basics,
>>     then head towards more complex configurations):
>>
>>         * basics
>>           1a. does IPv4 connectivity work?
>>           2a. does IPv6 local connectivity work?
>>           3a. does Teredo connectivity work?
>>         * medium (no RVS)
>>           1b. does direct HIP-over-IPv4 connectivity work?
>>           2b. does direct HIP-over-IPv6 connectivity work?
>>           3b. does direct HIP-over-Teredo connectivity work?
>>         * advanced (with RVS)
>>           1c. does HIP-RVS work with IPv4?
>>           2c. does HIP-RVS work with IPv6?
>>           3c. does HIP-RVS work on top of Teredo?
>>
>>     There is a dependency between the test cases with the same number.
>>     For instance, 1c does not work if 1b does not work, and 1b cannot
>>     work if 1a does not work (also, Teredo fails to work when plain IPv4
>>     does not work). I think you haven't tried all this yet, so we
>>     haven't minimized the problem.
>>
>>     P.S. I do have a patch for encapsulating HIP traffic over UDP when
>>     using IPv6 (or Teredo). If sending raw traffic over Teredo is really
>>     the issue, we can merge this patch, but you really show that this is
>>     really an issue (e.g. play with nc6 in UDP port 10500 and remember
>>     to stop hipd).
>>
>>
>>     On 10/22/2013 01:49 PM, Miika Komu wrote:
>>
>>         Hi Paola,
>>
>>         I tried rendezvous in my local network. For me, Teredo addresses
>>         failed
>>         to work, possibly because of so called NAT hairpinning problems
>> (all
>>         hosts behind the same NAT), so I could not run any traffic on top
>> of
>>         Teredo. So, I will show you how it works on plain IPv6.
>>
>>         The hosts are:
>>         Initiator: 3ffe::1
>>         Rendezvous 3ffe::2
>>         Responder: 3ffe::3
>>
>>         1. Enable rendezvous at rendezvous (you can also modify
>> hipd.conf):
>>
>>              sudo hipconf daemon add service rvs
>>
>>         2. Register to rvs at the the responder and verify it works:
>>
>>             sudo hipconf daemon add server rvs
>>         2001:1a:493f:a501:6481:6b4:__**cfdb:6d4e 3ffe::2 11111
>>
>>             hipconf daemon get ha all
>>               Sending user message 22 to HIPD on socket 3
>>               Sent 40 bytes
>>               Waiting to receive daemon info.
>>               248 bytes received from HIP daemon.
>>               HA is ESTABLISHED
>>               Shotgun mode is off.
>>               Broadcast mode is off.
>>               Local HIT: 2001:0016:8c08:9ca9:9e41:059d:**__95e7:7d2f
>>               Peer  HIT: 2001:001a:493f:a501:6481:06b4:**__cfdb:6d4e
>>               Local LSI: 1.0.0.1
>>               Peer  LSI: 1.0.0.2
>>               Local IP: 3ffe:0000:0000:0000:0000:0000:**__0000:0003
>>               Local NAT traversal UDP port: 0
>>               Peer  IP: 3ffe:0000:0000:0000:0000:0000:**__0000:0002
>>               Peer  NAT traversal UDP port: 0
>>               Peer  hostname: debian32
>>               Peer has granted us rendezvous service
>>
>>         3. Initiate base exchange at the initiator (via rvs)
>>
>>             hipconf  daemon add map
>>         2001:16:8c08:9ca9:9e41:059d:__**95e7:7d2f 3ffe::2
>>             ping6 2001:16:8c08:9ca9:9e41:059d:__**95e7:7d2f
>>             root@gaijin:~# ping6 2001:16:8c08:9ca9:9e41:059d:__**
>> 95e7:7d2f
>>             PING
>>         2001:16:8c08:9ca9:9e41:059d:__**95e7:7d2f(2001:16:8c08:9ca9:__**
>> 9e41:59d:95e7:7d2f)
>>             56 data bytes
>>             64 bytes from 2001:16:8c08:9ca9:9e41:59d:__**95e7:7d2f:
>>         icmp_seq=2 ttl=64
>>         time=1.44 ms
>>             64 bytes from 2001:16:8c08:9ca9:9e41:59d:__**95e7:7d2f:
>>         icmp_seq=3 ttl=64
>>         time=1.36 ms
>>
>>         I was also running tcpdump at the initiator to make sure that the
>>         traffic goes through the rvs:
>>
>>         tcpdump -n -i any proto 139 or esp
>>         13:20:33.356457 IP6 3ffe::1 > 3ffe::2: ip-proto-139 40
>>         13:20:33.397397 IP6 3ffe::3 > 3ffe::1: ip-proto-139 664
>>         13:20:33.417302 IP6 3ffe::1 > 3ffe::3: ip-proto-139 608
>>         13:20:33.462743 IP6 3ffe::3 > 3ffe::1: ip-proto-139 216
>>         13:20:34.351457 IP6 3ffe::1 > 3ffe::3:
>> ESP(spi=0x94eb338c,seq=0x1),
>>         length 116
>>         13:20:34.352712 IP6 3ffe::3 > 3ffe::1:
>> ESP(spi=0x6118aed8,seq=0x1),
>>         length 116
>>         13:20:35.352870 IP6 3ffe::1 > 3ffe::3:
>> ESP(spi=0x94eb338c,seq=0x2),
>>         length 116
>>         13:20:35.354062 IP6 3ffe::3 > 3ffe::1:
>> ESP(spi=0x6118aed8,seq=0x2),
>>         length 116
>>
>>         If you observe the first the packets, you'll see that I1 packet
>>         goes to
>>         the rendezvous (size 40) (which the rendezvous forwards to
>>         responder).
>>         Then the responder replies directly back to the initiator (R1,
>>         size 664)
>>         and further communications (I2, R2, ESP) are carried without
>>         rendezvous
>>         interaction.
>>
>>         P.S. Please note that observing teredo-encapsulated traffic
>> requires
>>         different rules.
>>
>>         On 10/21/2013 12:17 PM, Paola Venuso wrote:
>>
>>             Hi Miika,
>>
>>             I set up three machines and used Teredo addresses to test
>>             RVS service
>>             but it did'nt worked. I captured the traffic with wireshark
>>             and there
>>             was no HIP packets. Also  "hipconf daemon get ha all" showed
>>             no HAs.
>>             I followed the steps on the manual. Is there some particular
>>             configuration for the host RVS ?
>>
>>             Thank you,
>>
>>             Paola
>>
>>
>>
>>
>>             2013/10/20 Miika Komu <mkomu@xxxxxxxxx
>>             <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx
>>             <mailto:mkomu@xxxxxxxxx>>>
>>
>>                  Hi Paola,
>>
>>                  hmm, the infrahip.net <http://infrahip.net>
>>             <http://infrahip.net> network seems to have
>>                  some IPv6 connectivity problems at the moment (at least
>>             for me), so
>>                  I recommend that you set up three machines of your own
>>             (initiator,
>>                  rendezvous and responder). A successful registration
>>             looks like this:
>>
>>                  $ sudo hipconf daemon add server rvs
>>                  2001:1b:a9be:c6a6:34e5:8361:__**__c07f:a990
>>             193.167.187.134 1111
>>                  Requesting 1 service for 1024 seconds (lifetime 0x90)
>> from
>>                  2001:1b:a9be:c6a6:34e5:8361:__**__c07f:a990
>> 193.167.187.134.
>>                  Sending user message 104 to HIPD on socket 3
>>                  Sent 96 bytes
>>
>>                  Waiting to receive daemon info.
>>                  96 bytes received from HIP daemon.
>>                  User message was sent successfully to the HIP daemon.
>>
>>
>>                  $ hipconf daemon get ha all
>>                  Sending user message 22 to HIPD on socket 3
>>                  Sent 40 bytes
>>                  Waiting to receive daemon info.
>>                  456 bytes received from HIP daemon.
>>
>>                  HA is ESTABLISHED
>>                    Shotgun mode is off.
>>                    Broadcast mode is off.
>>                    Local HIT: 2001:0019:11ac:e3af:2367:11a4:**
>> ____1a36:36ec
>>                    Peer  HIT: 2001:001b:a9be:c6a6:34e5:8361:**
>> ____c07f:a990
>>                    Local LSI: 1.0.0.1
>>                    Peer  LSI: 1.0.0.100
>>                    Local IP: 192.168.1.127
>>
>>                    Local NAT traversal UDP port: 10500
>>                    Peer  IP: 193.167.187.134
>>                    Peer  NAT traversal UDP port: 10500
>>                    Peer  hostname: crossroads.infrahip.net
>>             <http://crossroads.infrahip.**net<http://crossroads.infrahip.net>
>> >
>>                  <http://crossroads.infrahip.__**net
>>             <http://crossroads.infrahip.**net<http://crossroads.infrahip.net>
>> >>
>>                    Peer has granted us rendezvous service
>>                                        ^^^^^^^^^^
>>                  HA is ESTABLISHED
>>
>>
>>
>>                  On 10/20/2013 01:43 AM, Paola Venuso wrote:
>>
>>                      Hi Miika,
>>
>>                      thank you for re-enabling the service. I tried the
>>             connection
>>                      with IPv4
>>                      and as you expected it didn't work.
>>                      To priorize the IPv6 addresses I edited gai.conf file
>>                      uncommenting the
>>                      lines:
>>
>>                      label ::1/128       0
>>                      label ::/0          1
>>                      label 2002::/16     2
>>                      label ::/96         3
>>                      label ::ffff:0:0/96 4
>>                      label fec0::/10     5
>>                      label fc00::/7      6
>>
>>                      I tested IPv6 visiting ipv6-test.com
>>             <http://ipv6-test.com> <http://ipv6-test.com>
>>                      <http://ipv6-test.com> that gave me
>>
>>                      this result:
>>
>>                      When both protocols are available, your browser uses
>>                      IPv6
>>                      Your internet connection is IPv6 capable
>>                      2001:0:53aa:64c:807:6e66:a269:**____1d27^ [?
>>
>>             <http://db-ip.com/2001%3A0%___**
>> _3A53aa%3A64c%3A807%3A6e66%___**_3Aa269%3A1d27
>>             <http://db-ip.com/2001%3A0%__**3A53aa%3A64c%3A807%3A6e66%__**
>> 3Aa269%3A1d27>
>>
>>             <http://db-ip.com/2001%3A0%__**3A53aa%3A64c%3A807%3A6e66%__**
>> 3Aa269%3A1d27
>>             <http://db-ip.com/2001%3A0%**3A53aa%3A64c%3A807%3A6e66%**
>> 3Aa269%3A1d27<http://db-ip.com/2001%3A0%3A53aa%3A64c%3A807%3A6e66%3Aa269%3A1d27>
>> >>>]
>>
>>                      Address type is
>>                      Teredo
>>             
>> <http://wikipedia.org/wiki/___**_Teredo_tunneling<http://wikipedia.org/wiki/____Teredo_tunneling>
>>             
>> <http://wikipedia.org/wiki/__**Teredo_tunneling<http://wikipedia.org/wiki/__Teredo_tunneling>
>> >
>>                      
>> <http://wikipedia.org/wiki/__**Teredo_tunneling<http://wikipedia.org/wiki/__Teredo_tunneling>
>>             
>> <http://wikipedia.org/wiki/**Teredo_tunneling<http://wikipedia.org/wiki/Teredo_tunneling>
>> >>>
>>                      Tunneling from *93.150.226.216:37273
>>             <http://93.150.226.216:37273>
>>                      <http://93.150.226.216:37273>
>>             <http://93.150.226.216:37273>*
>>                      (server *83.170.6.76*)
>>
>>
>>                      So I guess this part is ok.
>>                      Then I registered to crossroads using its IPv6
>>             address and
>>             tried nc6
>>                      connection from the initiator. Previously at the
>>             initiator  I
>>             edited
>>                      /etc/hosts (in wich I included IPv6 address of
>>             crossroads and the
>>                      responder hostname) and /etc/hip/hosts (in wich I
>>             included HIT
>>             and
>>                      hostname of the responder) and also restarted both
>>             machines.
>>             But the
>>                      initiator couldn't reach the responder.
>>                      Did I do something wrong?
>>
>>                      Thanks,
>>
>>                      Paola
>>
>>
>>
>>                      2013/10/19 Miika Komu <mkomu@xxxxxxxxx
>>             <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx
>>             <mailto:mkomu@xxxxxxxxx>>
>>                      <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
>>             <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>>>
>>
>>
>>                           Hi Paola,
>>
>>                           I have re-enabled RVS functionality in
>>             crossroads and
>>                      ashenvale now.
>>                           Please bare in mind that a IPv4-over-UDP base
>>             exchange may
>>                      not work
>>                           because your NAT may block it (Teredo may be
>>             needed).
>>
>>
>>                           On 10/19/2013 04:51 PM, Paola Venuso wrote:
>>
>>                               Hi Miika,
>>
>>                               I read on the manual that crossroads could
>>             have been
>>                      used as
>>                               rvs. This
>>                               is written above the table in which are
>>             indicated the
>>                      addresses
>>                               of the
>>                               test servers. Maybe I misunderstood what
>>             is written.
>>                               Anyway I'm installing ubuntu on another
>>             computer and
>>                      trying to
>>                               configure
>>                               the server myself.
>>
>>                               Thanks again,
>>
>>                               Paola
>>
>>                               Il giorno 19/ott/2013 14:40, "Miika Komu"
>>                      <mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
>>             <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>
>>                               <mailto:mkomu@xxxxxxxxx
>>             <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx
>>             <mailto:mkomu@xxxxxxxxx>>>
>>                               <mailto:mkomu@xxxxxxxxx
>>             <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx
>>             <mailto:mkomu@xxxxxxxxx>>
>>                      <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
>>             <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>>>> ha
>> scritto:
>>
>>
>>
>>                                    Hi Paolo,
>>
>>                                    crossroads is not configured to act as
>> a
>>                      rendezvous (or
>>                               relay). You
>>                                    should deploy and install your own
>>             rendezvous
>>                      server. When
>>                               you have
>>                                    done so, you will see some additional
>>             registration
>>                               information in
>>                                    hipconf output at the responder and
>>             then also the
>>                      initiator
>>                               succeeds
>>                                    with the base exchange.
>>
>>                                    On 10/18/2013 09:44 PM, Paola Venuso
>>             wrote:
>>
>>                                        Hi Miika,
>>
>>                                        I replaced Windows with Ubuntu on
>>             my PCs and
>>                      now the simple
>>                                        connection
>>                                        between the two hosts works
>>             perfectly! :D
>>                                        But I have problems with RVS. I
>> tried
>>                      registering with
>>             crossoroads.infrahip.net 
>> <http://crossoroads.infrahip.**net<http://crossoroads.infrahip.net>
>> >
>>             <http://crossoroads.infrahip._**_net
>>             
>> <http://crossoroads.infrahip.**net<http://crossoroads.infrahip.net>
>> >>
>>                      <http://crossoroads.infrahip._**___net
>>                      <http://crossoroads.infrahip._**_net
>>             
>> <http://crossoroads.infrahip.**net<http://crossoroads.infrahip.net>
>> >>>
>>                               <http://crossoroads.infrahip._**_____net
>>                               <http://crossoroads.infrahip._**___net
>>                      <http://crossoroads.infrahip._**_net
>>             
>> <http://crossoroads.infrahip.**net<http://crossoroads.infrahip.net>
>> >>>>
>>
>>             <http://crossoroads.infrahip._**_______net
>>
>>
>>
>>             <http://crossoroads.infrahip._**_____net
>>                               <http://crossoroads.infrahip._**___net
>>                      <http://crossoroads.infrahip._**_net
>>             
>> <http://crossoroads.infrahip.**net<http://crossoroads.infrahip.net>>>>>>
>> and then
>>                                        started the connection (using
>>             different
>>                      configuration).
>>                               Only I1
>>                                        packet
>>                                        was sent. I stopped the
>>             connection and run
>>                      "hipconf
>>                               daemon get
>>                                        ha all".
>>                                        At the responder I had this output:
>>
>>                                        paola@ProBook:~$ hipconf daemon
>>             get ha all
>>                                        Sending user message 22 to HIPD
>>             on socket 3
>>                                        Sent 40 bytes
>>                                        Waiting to receive daemon info.
>>                                        240 bytes received from HIP daemon.
>>                                        HA is ESTABLISHED
>>                                           Shotgun mode is off.
>>                                           Broadcast mode is off.
>>                                           Local HIT:
>>                      2001:0018:66b5:52d3:e479:7810:**________8446:133b
>>                                           Peer  HIT:
>>                      2001:001b:a9be:c6a6:34e5:8361:**________c07f:a990
>>
>>
>>                                           Local LSI: 1.0.0.1
>>                                           Peer  LSI: 1.0.0.2
>>                                           Local IP: 192.168.1.210
>>                                           Local NAT traversal UDP port:
>>             10500
>>                                           Peer  IP: 193.167.187.134
>>                                           Peer  NAT traversal UDP port:
>>             10500
>>                                           Peer  hostname:
>>             crossroads.infrahip.net 
>> <http://crossroads.infrahip.**net<http://crossroads.infrahip.net>
>> >
>>                      <http://crossroads.infrahip.__**net
>>             <http://crossroads.infrahip.**net<http://crossroads.infrahip.net>
>> >>
>>                               <http://crossroads.infrahip.__**__net
>>                      <http://crossroads.infrahip.__**net
>>             <http://crossroads.infrahip.**net<http://crossroads.infrahip.net>
>> >>>
>>                                        <http://crossroads.infrahip.__**
>> ____net
>>                               <http://crossroads.infrahip.__**__net
>>                      <http://crossroads.infrahip.__**net
>>             <http://crossroads.infrahip.**net<http://crossroads.infrahip.net>
>> >>>>
>>
>>             <http://crossroads.infrahip.__**______net
>>
>>                               <http://crossroads.infrahip.__**____net
>>                      <http://crossroads.infrahip.__**__net
>>                      <http://crossroads.infrahip.__**net
>>             <http://crossroads.infrahip.**net<http://crossroads.infrahip.net>
>> >>>>>
>>
>>
>>
>>                                        While at the initiator I had this
>>             output:
>>
>>                                        paola@ProBook:~$ hipconf daemon
>>             get ha all
>>                                        Sending user message 22 to HIPD
>>             on socket 3
>>                                        Sent 40 bytes
>>                                        Waiting to receive daemon info.
>>                                        240 bytes received from HIP daemon.
>>                                        HA is I1-SENT
>>                                           Shotgun mode is off.
>>                                           Broadcast mode is off.
>>                                           Local HIT:
>>                      20011:0013:e87a:b8e4:68c8:____**____258b:0fb4:68b8
>>                                           Peer  HIT:
>>                      2001:0018:66b5:52d3:e479:7810:**________8446:133b
>>
>>
>>                                           Local LSI: 1.0.0.1
>>                                           Peer  LSI: 1.0.0.2
>>                                           Local IP: 192.168.1.184
>>                                           Local NAT traversal UDP port:
>>             10500
>>                                           Peer  IP: 193.167.187.134
>>                                           Peer  NAT traversal UDP port:
>>             10500
>>                                           Peer  hostname:
>>
>>                                        Thanks,
>>
>>                                        Paola
>>
>>
>>                                        2013/10/17 Paola Venuso
>>             <pa.venuso@xxxxxxxxx <mailto:pa.venuso@xxxxxxxxx>
>>                      <mailto:pa.venuso@xxxxxxxxx
>>             <mailto:pa.venuso@xxxxxxxxx>>
>>                               <mailto:pa.venuso@xxxxxxxxx
>>             <mailto:pa.venuso@xxxxxxxxx>
>>             <mailto:pa.venuso@xxxxxxxxx <mailto:pa.venuso@xxxxxxxxx>>>
>>                                        <mailto:pa.venuso@xxxxxxxxx
>>             <mailto:pa.venuso@xxxxxxxxx>
>>                      <mailto:pa.venuso@xxxxxxxxx
>>             <mailto:pa.venuso@xxxxxxxxx>>
>>                               <mailto:pa.venuso@xxxxxxxxx
>>             <mailto:pa.venuso@xxxxxxxxx>
>>                      <mailto:pa.venuso@xxxxxxxxx
>>             <mailto:pa.venuso@xxxxxxxxx>>>**> <mailto:pa.venuso@xxxxxxxxx
>>             <mailto:pa.venuso@xxxxxxxxx>
>>                      <mailto:pa.venuso@xxxxxxxxx
>>             <mailto:pa.venuso@xxxxxxxxx>>
>>                               <mailto:pa.venuso@xxxxxxxxx
>>             <mailto:pa.venuso@xxxxxxxxx>
>>             <mailto:pa.venuso@xxxxxxxxx <mailto:pa.venuso@xxxxxxxxx>>>
>>
>>                                        <mailto:pa.venuso@xxxxxxxxx
>>             <mailto:pa.venuso@xxxxxxxxx>
>>                      <mailto:pa.venuso@xxxxxxxxx
>>             <mailto:pa.venuso@xxxxxxxxx>> <mailto:pa.venuso@xxxxxxxxx
>>             <mailto:pa.venuso@xxxxxxxxx>
>>                      <mailto:pa.venuso@xxxxxxxxx
>>             <mailto:pa.venuso@xxxxxxxxx>>>**>__>__>
>>
>>
>>                                             Hi Miika,
>>
>>                                             the reason why I used
>>             virtual machines is
>>                      that I
>>                               couldn't
>>                                        use Linux
>>                                             as the host machine. But now
>>             I convinced
>>                      myself to
>>                               use it
>>                                        because
>>                                             this test I have to run is
>>             for the last
>>                      part of my
>>                               thesis
>>                                        in which I
>>                                             have to use InfraHIP
>>             implementation.
>>                      About miredo
>>                                        configuration, I
>>                                             have the default one (I only
>>             installed
>>                      the miredo
>>                               packet as the
>>                                             manual says) .
>>                                             Tonight I'm going to install
>>             Linux on my
>>                      machines
>>                               and then
>>                                        to try
>>                                             again the test. I hope
>>             everything would
>>                      be ok.
>>                               I'll let you
>>                                        know.
>>
>>                                             Thank you for everything,
>>
>>                                             Paola
>>
>>
>>                                             2013/10/17 Miika Komu
>>             <mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
>>                      <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>
>>                               <mailto:mkomu@xxxxxxxxx
>>             <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx
>>             <mailto:mkomu@xxxxxxxxx>>>
>>                                        <mailto:mkomu@xxxxxxxxx
>>             <mailto:mkomu@xxxxxxxxx>
>>                      <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>
>>             <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
>>                      <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>>>
>>                               <mailto:mkomu@xxxxxxxxx
>>             <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx
>>             <mailto:mkomu@xxxxxxxxx>>
>>                      <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
>>             <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>>
>>                                        <mailto:mkomu@xxxxxxxxx
>>             <mailto:mkomu@xxxxxxxxx>
>>                      <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>
>>             <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
>>                      <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx
>> >>>>>>
>>
>>                                                 Hi Paola,
>>
>>                                                 (returning offline
>>             discussion to
>>             online)
>>
>>                                                 my guess of the origins
>>             of your
>>                      problem is
>>                               that the
>>                                        host machine
>>                                                 of your virtual machines
>>             is Windows,
>>                      and it
>>                               does not
>>                                        allow raw
>>                                                 sockets, even for
>>             virtual machines.
>>                      This is
>>                               probably
>>                                        the reason
>>                                                 why
>>             HIP-over-UDP-over-IPv4 works, but
>>                               HIP-over-IPv6
>>                                        doesn't.
>>
>>                                                 If you really want to do
>> NAT
>>                      traversal with
>>                               HIP, please
>>                                        consider:
>>
>>                                                 1. Using Linux (or OS-X)
>>             as the host
>>                      machine
>>                               (Linux
>>                                        live CD/USB
>>                                                 images are available)
>>                                                 2. Use HIP over UDP and
>>             IPv4, and
>>                      employ the relay
>>                                        server as
>>                                                 instructed in the manual
>>             (the relay
>>                      server
>>                               requires a
>>                                        public
>>                                                 IPv4 address)
>>
>>                                                 Btw, your Teredo
>>             configuration is not
>>                      fully
>>                               functional
>>                                        because I
>>                                                 can't reach your VMs,
>>             even though you
>>                      can reach by
>>                                        yourself.
>>
>>                                                 P.S. OpenHIP has some
>>             native support
>>                      for Windows.
>>
>>
>>                                                 On 10/16/2013 07:45 PM,
>>             Paola Venuso
>>                      wrote:
>>
>>                                                     Hi Miika,
>>
>>
>>                                                     at the initiator:
>>
>>                                                     paola2@ubuntu2:~$
>>             lsmod|grep xfrm
>>                                                     xfrm_user
>>                 31160  1
>>                                                     xfrm_algo
>>                 14952  3
>>                               xfrm_user,esp6,esp4
>>                                                     xfrm6_mode_beet
>>                 12577  1
>>                                                     xfrm4_mode_beet
>>                 12498  1
>>
>>
>>
>>                                                     at the responder :
>>
>>                                                     paola@ubuntu:~$
>>             lsmod|grep xfrm
>>                                                     xfrm_user
>>                 31160  1
>>                                                     xfrm_algo
>>                 14952  3
>>                               xfrm_user,esp6,esp4
>>                                                     xfrm6_mode_beet
>>                 12577  2
>>                                                     xfrm4_mode_beet
>>                 12498  2
>>
>>
>>                                                     Then I used ping6
>>             with the server
>>                      address
>>                               and I
>>                                        could reach
>>                                                     it. I
>>                                                     invoked add map
>>             command and
>>             ping6 and
>>                               waited for
>>                                        more then a
>>                                                     minute but
>>                                                     nothing happened so
>>             I stopped it:
>>
>>                                                     paola@ubuntu:~$ ping6
>>
>>
>>               2001:10:5403:41fe:a5df:5f02:__**________9680:b6d2PING
>>
>>
>>
>>
>>             2001:10:5403:41fe:a5df:5f02:__**________9680:b6d2(2001:10:**
>> 5403:____41fe:______a5df:5f02:**9680:____b6d2)
>>
>>
>>                                                     56 data bytes
>>                                                     ^C
>>                                                     ---
>>
>>               2001:10:5403:41fe:a5df:5f02:__**________9680:b6d2 ping
>>
>>
>>                                        statistics ---
>>                                                     222 packets
>>             transmitted, 0
>>                      received, 100%
>>                               packet
>>                                        loss, time
>>                                                     221196ms
>>
>>                                                     paola@ubuntu:~$
>>             hipconf daemon
>>                      get ha all
>>                                                     Sending user message
>>             22 to HIPD
>>                      on socket 3
>>                                                     Sent 40 bytes
>>                                                     Waiting to receive
>>             daemon info.
>>                                                     240 bytes received
>>             from HIP
>>             daemon.
>>                                                     HA is I1-SENT
>>                                                        Shotgun mode is
>> off.
>>                                                        Broadcast mode is
>>             off.
>>                                                        Local HIT:
>>
>>             2001:0012:421d:99a0:005d:d60f:**__________73b0:4407
>>                                                        Peer  HIT:
>>
>>             2001:0010:5403:41fe:a5df:5f02:**__________9680:b6d2
>>
>>
>>                                                        Local LSI: 1.0.0.1
>>                                                        Peer  LSI: 1.0.0.2
>>                                                        Local IP:
>>
>>             3ffe:0000:0000:0000:0000:0000:**__________0000:0002
>>
>>
>>                                                        Local NAT
>>             traversal UDP port: 0
>>                                                        Peer  IP:
>>
>>             3ffe:0000:0000:0000:0000:0000:**__________0000:0001
>>
>>
>>                                                        Peer  NAT
>>             traversal UDP port: 0
>>                                                        Peer  hostname:
>>
>>
>>
>>
>>
>>
>>                                                     2013/10/16 Miika Komu
>>                      <mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
>>             <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>
>>                               <mailto:mkomu@xxxxxxxxx
>>             <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx
>>             <mailto:mkomu@xxxxxxxxx>>>
>>                                        <mailto:mkomu@xxxxxxxxx
>>             <mailto:mkomu@xxxxxxxxx>
>>                      <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>
>>             <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
>>                      <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>>>
>>
>>               <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
>>                      <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>
>>                               <mailto:mkomu@xxxxxxxxx
>>             <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx
>>             <mailto:mkomu@xxxxxxxxx>>>
>>                      <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
>>             <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>
>>                               <mailto:mkomu@xxxxxxxxx
>>             <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx
>>             <mailto:mkomu@xxxxxxxxx>>>>>
>>                                        <mailto:mkomu@xxxxxxxxx
>>             <mailto:mkomu@xxxxxxxxx>
>>                      <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>
>>             <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
>>                      <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>>
>>                               <mailto:mkomu@xxxxxxxxx
>>             <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx
>>             <mailto:mkomu@xxxxxxxxx>>
>>                      <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
>>             <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>>>
>>
>>               <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
>>                      <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>
>>                               <mailto:mkomu@xxxxxxxxx
>>             <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx
>>             <mailto:mkomu@xxxxxxxxx>>>
>>                      <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>
>>             <mailto:mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>>
>>                               <mailto:mkomu@xxxxxxxxx
>>             <mailto:mkomu@xxxxxxxxx> <mailto:mkomu@xxxxxxxxx
>>             <mailto:mkomu@xxxxxxxxx>>>>>>>
>>
>>
>>
>>                                                          Hi Paola,
>>
>>
>>                                                          On 10/16/2013
>>             12:46 PM,
>>                      Paola Venuso
>>                               wrote:
>>
>>                                                              Hi Miika,
>>
>>                                                              I deleted
>>             the incorrect
>>                      line with
>>                                        "hipconf" and
>>                                                     changed the
>>                                                              debug mode
>>                                                              to "all".
>>             I'm sending
>>                      two emails
>>                               with the
>>                                        output of
>>                                                     the debug
>>                                                              because
>>                                                              the message
>>             is too big.
>>
>>
>>                                                          What does
>>             "lsmod|grep xfrm"
>>                      give you? It
>>                                        should be:
>>                                                          xfrm_user
>>             35921  1
>>                                                          xfrm6_mode_beet
>>             12658  7
>>                                                          xfrm4_mode_beet
>>             12611  7
>>
>>
>>                                                              This is the
>>             output of
>>                      the initiator
>>
>>
>>                                                          I failed to see
>> any
>>             3ffe::xx/64
>>                               addresses in
>>                                        the log.
>>                                                     Did you forget
>>                                                          to invoke
>>             "hipconf daemon
>>                      add map"?
>>
>>                                                          Here's an
>>             example (please do
>>                      not copy
>>                               paste
>>                                        blindly,
>>                                                     you need to
>>                                                          change the
>>             addresses and
>>                      interface
>>                               names):
>>
>>                                                          server:
>>                                                             sudo ip addr
>> add
>>                      3ffe::1/64 dev
>>                               eth0 # add
>>                                        IPv6 addr
>>                                                     for server
>>
>>                                                          client:
>>                                                             sudo ip addr
>> add
>>                      3ffe::2/64 dev
>>                               eth0 # add
>>                                        IPv6 addr
>>                                                     for client
>>                                                             ping6
>>             3ffe::2 # can you
>>                      reach the
>>                               server?
>>                                                             sudo hipconf
>>             daemon rst
>>             all #
>>                               reset hipd
>>                                        daemon state
>>                                                             hipconf
>>             daemon add map
>>
>>                      2001:15:e156:8a78:3226:dbaa:__**__________f2ff:ed06
>>                                                          3ffe::1
>>                                                             ping6
>>
>>             2001:15:e156:8a78:3226:dbaa:__**__________f2ff:ed06
>>
>>
>>
>>                                                             <wait for
>>             one minute>
>>                                                             PING
>>
>>
>>
>>
>>
>>             2001:15:e156:8a78:3226:dbaa:__**
>> __________f2ff:ed06(2001:15:__**e156:____8a78:______3226:dbaa:**
>> __f2ff:____ed06)
>>
>>
>>
>>                                                          56 data bytes
>>                                                          64 bytes from
>>
>>
>>               2001:15:e156:8a78:3226:dbaa:__**__________f2ff:ed06:
>>                      icmp_seq=2
>>
>>
>>                                                          ttl=64 time=29.8
>> ms
>>                                                          64 bytes from
>>
>>
>>               2001:15:e156:8a78:3226:dbaa:__**__________f2ff:ed06:
>>                      icmp_seq=3
>>
>>
>>
>>                                                          ttl=64 time=47.5
>> ms
>>
>>                                                          I'd like to see
>>             "hipconf
>>                      daemon get
>>                               ha all" output
>>                                                     after this.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
>

Other related posts: