[hipl-users] Re: problems with HIPL 1.0.7
- From: Miika Komu <mkomu@xxxxxxxxx>
- To: hipl-users@xxxxxxxxxxxxx
- Date: Wed, 30 May 2012 09:52:15 +0300
Hi,
On 05/28/2012 11:20 AM, Nerea Toledo Gandarias wrote:
Hi,
we are facing some problems with the HIPL release 1.0.7.
We have two PCs with ubuntu 10.04 running on a 2.6.32-38 kernel. We have
installed HIPL through compilation.
I assume that you're running precise, right? It appears that there has
been some changes in Precise related to DNS.
In the /etc/hosts file of the initiator (crash) we have the following:
HIT_de_oops oops
ipv6_de_oops oops
In both hosts, we have the demon running, but the firewall and the dns
are shutted down.
If we do the following in oops
nc6 -l -p 1111
and in crash
nc6 oops 1111
you can try with -v option to get verbose output and you'll notice that
nc6 did not select a HIT.
we can see using the wireshark that the HIP association is established
correctly, but the application (netcat) establishes the TCP session
before the HIP association is established, that is, it does not wait to
HIP. Then, we have seen that the data goes in clear over the TCP
connection, instead of going through ESP. We do see ESP traffic, but it
belongs to ICMPv6 pings in both directions.
Was the HIP association really related to connection you're trying to
establish? Hipd creates automatically another association with our our
DNS server. Check "hipconf daemon get ha all" output.
("hipconf daemon rst all" might be useful as well)
On the other hand, if we do nc6 HIT_de_crash 1111 instead of nc6 crash
1111, it works perfectly.
Why can this be?
I can repeat this problem. I noticed that it does not repeat when using
IPv4 locators. As another workaround, you can store the locator mapping
only in hipd_config (daemon add map HIT IP) and have only the HIT in
hosts files (requires restarting hipd).
I have a deadline on 2th of July and I cannot contribute a proper fix to
this problem before this, sorry.
Other related posts:
