Hi Miika, hipd is running at the responder, the firewall is not blocking HIP traffic and I don't use redhat-based distro. This is the output of the commands from the manual: paola@ubuntu:~$ dpkg -l 'hipl*' Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Nome Versione Descrizione +++-==============-==============-============================================ ii hipl-all 1.0.8-6429 HIP for Linux full software bundle ii hipl-daemon 1.0.8-6429 HIP for Linux IPsec key management and mobil ii hipl-dnsproxy 1.0.8-6429 HIP for Linux name lookup proxy ii hipl-doc 1.0.8-6429 HIP for Linux documentation ii hipl-firewall 1.0.8-6429 HIP for Linux multi-purpose firewall daemon un hipl-minimal <nessuna> (nessuna descrizione disponibile) un hipl-tools <nessuna> (nessuna descrizione disponibile) paola@ubuntu:~$ hipconf daemon get ha all Sending user message 22 to HIPD on socket 3 Sent 40 bytes Waiting to receive daemon info. 240 bytes received from HIP daemon. HA is I1-SENT Shotgun mode is off. Broadcast mode is off. Local HIT: 2001:0012:421d:99a0:005d:d60f:73b0:4407 Peer HIT: 2001:001a:2a72:f01c:d98e:311c:c76a:57c4 Local LSI: 1.0.0.1 Peer LSI: 1.0.0.2 Local IP: 2001:0000:53aa:064c:2cde:3e12:4367:467f Local NAT traversal UDP port: 10500 Peer IP: 2001:0708:0140:0220:0000:0000:0000:0016 Peer NAT traversal UDP port: 10500 Peer hostname: ------------------------------------------------------------------------------------------------------------------------ paola@ubuntu:~$ uname -a Linux ubuntu 3.5.0-41-generic #64~precise1-Ubuntu SMP Thu Sep 12 17:01:55 UTC 2013 i686 i686 i386 GNU/Linux paola@ubuntu:~$ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 12.04.3 LTS Release: 12.04 Codename: precise ------------------------------------------------------------------------------------------------------------------------ paola@ubuntu:~$ cat /etc/hip/hipd.conf # Format of this file is as with hipconf, but without "hipconf daemon" prefix # add hi default # add all four HITs (see bug id 592127) # add map HIT IP # preload some HIT-to-IP mappings to hipd # add service rvs # the host acts as HIP rendezvous (also see relay.conf) # add server rvs [RVS-HIT] <RVS-IP-OR-HOSTNAME> <lifetime-secs> # register to rendezvous server # add server relay [RELAY-HIT] <RVS-IP-OR-HOSTNAME> <lifetime-secs> # register to relay server # add server full-relay [RELAY-HIT] <RVS-IP-OR-HOSTNAME> <lifetime-secs> # register to relay server hit-to-ip on # resolve HITs to locators in dynamic DNS zone # hit-to-ip set hit-to-ip.infrahip.net. # resolve HITs to locators in dynamic DNS zone nsupdate on # send dynamic DNS updates # add server rvs hiprvs.infrahip.net 50000 # Register to free RVS at infrahip # heartbeat 10 # send ICMPv6 messages inside HIP tunnels # locator on # host sends all of its locators in base exchange # shotgun on # use all possible src/dst IP combinations to send I1/UPDATE # broadcast on # broadcast to LAN if no matching IP address found # opp normal|advanced|none # transform order 213 # crypto preference order (1=AES, 2=3DES, 3=NULL) nat plain-udp # use UDP capsulation (for NATted environments) #nat port local 11111 # change local default UDP port #nat port peer 22222 # change local peer UDP port debug medium # debug verbosity: all, medium, low or none default-hip-version 1 # default HIP version number for the I1 message. (1=HIPv1, 2=HIPv2) ------------------------------------------------------------------------------------------------------------------------ paola@ubuntu:~$ sudo iptables -L -n Chain INPUT (policy ACCEPT) target prot opt source destination HIPFW-INPUT all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT 139 -- 0.0.0.0/0 0.0.0.0/0 ACCEPT 139 -- 0.0.0.0/0 0.0.0.0/0 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:10500 ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0 ACCEPT icmpv6-- 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- 1.0.0.0/8 1.0.0.0/8 Chain FORWARD (policy ACCEPT) target prot opt source destination HIPFW-FORWARD all -- 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCEPT) target prot opt source destination HIPFW-OUTPUT all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT 139 -- 0.0.0.0/0 0.0.0.0/0 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:10500 ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0 ACCEPT icmpv6-- 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- 1.0.0.0/8 1.0.0.0/8 Chain HIPFW-FORWARD (1 references) target prot opt source destination Chain HIPFW-INPUT (1 references) target prot opt source destination NFQUEUE udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:10500 NFQUEUE num 0 NFQUEUE udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:10500 NFQUEUE num 0 NFQUEUE esp -- 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0 Chain HIPFW-OUTPUT (1 references) target prot opt source destination NFQUEUE all -- 0.0.0.0/0 1.0.0.0/8 NFQUEUE num 0 ------------------------------------------------------------------------------------------------------------------------ paola@ubuntu:~$ sudo ip6tables -L -n Chain INPUT (policy ACCEPT) target prot opt source destination HIPFW-INPUT all ::/0 ::/0 ACCEPT all 2001:10::/28 2001:10::/28 Chain FORWARD (policy ACCEPT) target prot opt source destination HIPFW-FORWARD all ::/0 ::/0 Chain OUTPUT (policy ACCEPT) target prot opt source destination HIPFW-OUTPUT all ::/0 ::/0 ACCEPT all 2001:10::/28 2001:10::/28 Chain HIPFW-FORWARD (1 references) target prot opt source destination Chain HIPFW-INPUT (1 references) target prot opt source destination NFQUEUE esp ::/0 ::/0 NFQUEUE num 1 NFQUEUE all ::/0 2001:10::/28 NFQUEUE num 1 Chain HIPFW-OUTPUT (1 references) target prot opt source destination NFQUEUE udp ::/0 2001:10::/28 NFQUEUE num 1 NFQUEUE icmp ::/0 2001:10::/28 NFQUEUE num 1 NFQUEUE tcp ::/0 2001:10::/28 NFQUEUE num 1 NFQUEUE icmpv6 ::/0 2001:10::/28 NFQUEUE num 1 ------------------------------------------------------------------------------------------------------------------------ paola@ubuntu:~$ ps axu | grep hip nobody 1002 0.0 0.1 4980 2004 ? S 14:21 0:00 /usr/sbin/hipd -bkN nobody 1092 0.0 0.1 5116 1220 ? S 14:21 0:00 /usr/sbin/hipfw -bklpFi root 1477 0.0 0.6 10860 6576 ? S 14:21 0:00 python /usr/sbin/hipdnsproxy -k root 3144 0.0 0.0 0 0 ? Z 14:22 0:00 [hipconf] <defunct> paola 3304 0.0 0.0 4412 832 pts/0 S+ 14:32 0:00 grep --color=auto hip ------------------------------------------------------------------------------------------------------------------------ paola@ubuntu:~$ ps axu | grep dns root 1477 0.0 0.6 10860 6576 ? S 14:21 0:00 python /usr/sbin/hipdnsproxy -k nobody 2155 0.0 0.1 5400 1388 ? S 14:21 0:00 /usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/var/run/sendsigs.omit.d/network-manager.dnsmasq.pid --listen-address=127.0.0.1 --conf-file=/var/run/nm-dns-dnsmasq.conf --cache-size=0 --proxy-dnssec --enable-dbus --conf-dir=/etc/NetworkManager/dnsmasq.d paola 3307 0.0 0.0 4412 836 pts/0 S+ 14:32 0:00 grep --color=auto dns Thanks a lot, Paola 2013/10/9 Miika Komu <mkomu@xxxxxxxxx> > Hi Paola, > > please provide some more information as instructed in the manual: > > http://hipl.hiit.fi/hipl/**manual/HOWTO.html#quick<http://hipl.hiit.fi/hipl/manual/HOWTO.html#quick> > > Some additional questions: > > * Are running hipd at the responder? > * Is there a firewall blocking HIP traffic (default UDP port 10500) > * If you use redhat-based distro, have you disabled SElinux (please refer > to the manual)? > > > On 10/09/2013 12:27 PM, Paola Venuso wrote: > >> Hi, >> I have an update. I tried again direct communication and now the >> initiator can send the I1 packet. I tried also with Teredo addresses but >> its the same, I can see only I1 packet. >> >> >> 2013/10/8 Paola Venuso <pa.venuso@xxxxxxxxx <mailto:pa.venuso@xxxxxxxxx>> >> >> >> I typed wrong the name of the version, I've already installed the >> latest version. Anyway I tried out direct communications as you >> said, with different configurations, but with no success. I'm sorry >> to bother you but I don't know what else to do. I read the manual >> several times but obviously I'm still missing something. Maybe >> something about hipl firewall? >> >> Thanks for your help. >> >> >> >> >> 2013/10/8 Miika Komu <mkomu@xxxxxxxxx <mailto:mkomu@xxxxxxxxx>> >> >> >> Hi Paola, >> >> >> On 10/08/2013 01:44 PM, Paola Venuso wrote: >> >> Hi Miika, >> Thanks for the quik answer. I'll try what you said. About >> the latest >> version, where can I find it? I downloaded the hipl 1.0.7 >> release from >> the infrahip site but I saw nothing about the latest version. >> >> Thank you very much, >> >> >> Source code: >> >> >> http://hipl.hiit.fi/index.php?**__index=source<http://hipl.hiit.fi/index.php?__index=source> >> >> >> <http://hipl.hiit.fi/index.**php?index=source<http://hipl.hiit.fi/index.php?index=source> >> > >> >> There are multiple ways to get HIPL source code: binary release, >> bazaar and the nightly tarball. >> >> The binaries are here: >> >> >> http://hipl.hiit.fi/index.php?**__index=download<http://hipl.hiit.fi/index.php?__index=download> >> >> <http://hipl.hiit.fi/index.**php?index=download<http://hipl.hiit.fi/index.php?index=download> >> > >> >> >> >> > >