[hipl-users] Spoke too soon. Re: Re: conntest not working
- From: Robert Moskowitz <rgm@xxxxxxxxxxxxxxx>
- To: hipl-users@xxxxxxxxxxxxx
- Date: Mon, 15 Dec 2008 15:28:19 -0500
Spoke too soon.
Robert Moskowitz wrote:
Robert Moskowitz wrote:
Both systems running Centos and hipl userspace patch 2018.
Server hipl installed with 'make install', and this is the system
that did the 'make rpm' to supply the rpms to the other system where
I had done a 'yum update hip*'.
Just ran another test. On a third system where I did a clean tla get
and a 'make install', also running Centos. This third system is the
conntest-server and what was the server before (the system where I did
a 'make install', thus eliminating any potential rpm sourced problems)
is running conntest-client-hip. I am seeing the same sort of messages
in the hipfw terminal window. Again I see I1s showing in the tcpdump
but the server is not showing them in its tcpdump nor is its hipfw
session reporting recieving anything.
I just looked back at the test systems, I had not closed off the
conntest, jsut kind of jumped when nothing was happening. Well it
finally did work.
So I tried the first test again. It took a VERY long time, but finally
after what looked like the 7the I1 being sent, the test succeeded.
Really weird and all too slow.
Now I will try from a FC10 client (running native).
All systems are at patch level 2012.
IPv6 address of server coded in /etc/hosts and its HIT in
/etc/hip/hosts of the client.
hipd running in foreground in a terminal. 'hipfw -Aid' also in
foreground in another terminal. 'tcpdump -n -i any esp or proto 139'
in another terminal. This is on both the server and client system.
Using 'conntest-server tcp 5902' (5902 being used because I have a
specific rule to allow 5902).
Client runs 'conntest-client-hip nc4010.htt tcp 5902' (before I
started any hip code, a 'ping6 -n nc4010.htt' showed connectivity,
and I double checked the HIT in /etc/hip/hosts).
I see I1s being sent but the server does not show recieving them.
Attached is the content of the clients firewall terminal session.
What am I missing here?
Other related posts:
