Chapter 6. Testing a HIP connection between two hosts

HIPL developers test HIP using two machines called crash (3ffe::1) and oops (3ffe::2). They are used throughout this document as examples, even though you probably have your own naming and addressing conventions. IPv4 addresses can also be used on-wire, but the applications being used currently need to support IPv6.

We expect that you have two hosts for testing HIP, which will be referred to as "crash" and "oops". You should run these commands on the testing hosts as root. conntest-client-gai and conntest-server can also be run as a non-root user, although running conntest-server with port numbers less than 1024 still requires root privileges.

oops:

Crash will act as the connection initiator, so we need to configure the hosts files of crash (note: use of IPv4 addresses is also possible):

crash:

This will set up a HIP connection between the two hosts (it may take a while if you are using virtual machines). You should replace HIT_OF_XXX with the HIT of the host XXX. The hip daemon loads (and creates if necessary) the host identities from /etc/hip automatically. If you want to know the HITs of the local host, run "ifconfig dummy0" or "ip addr show dummy0".

Mappings between HITs and IP addresses are usually set up automatically with the hosts files. Manual configuration is also possible but not necessary:

tools/hipconf add map PEER_HIT PEER_IP

You can also add the mapping to "/etc/hip/hipd_config" and restart hipd. It is also possible to use DNS or OpenDHT (Chapter 18, OpenDHT Support (Experimental!)) for the mappings.

Link-local IPv6 addresses are not well supported, so do not use them. Use global IPv6 addresses for testing instead. The reason is that it is hard to know whether the peer belongs to the same local network as we do.
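A pre-flight check for a manual mapping, written for this section as an added example and not part of HIPL: it rejects an unreplaced HIT_OF_XXX placeholder, a link-local IPv6 peer address, and a HIT that was filled in with the peer's IP address, then builds the "tools/hipconf add map" command line shown above. The function names and the sample HIT are constructed for illustration, and the checks for loopback, unspecified and multicast addresses are assumptions that go beyond what this chapter states.

```python
import ipaddress
import shlex


def check_mapping(peer_hit, peer_ip):
    """Return a list of problems with one HIT-to-IP pair (empty list = usable)."""
    problems = []
    try:
        hit = ipaddress.ip_address(peer_hit)
        if hit.version != 6:
            problems.append(f"PEER_HIT {peer_hit!r} is not IPv6-formatted")
    except ValueError:
        # Also catches an unreplaced placeholder such as HIT_OF_OOPS.
        problems.append(f"PEER_HIT {peer_hit!r} is not an address")
        hit = None
    try:
        ip = ipaddress.ip_address(peer_ip)
    except ValueError:
        problems.append(f"PEER_IP {peer_ip!r} is not an address")
        return problems
    # The chapter's warning: link-local IPv6 addresses are not well supported.
    if ip.version == 6 and ip.is_link_local:
        problems.append(f"PEER_IP {peer_ip!r} is link-local; use a global IPv6 address")
    # Assumption beyond the chapter: these can never name a remote peer.
    if ip.is_unspecified or ip.is_loopback or ip.is_multicast:
        problems.append(f"PEER_IP {peer_ip!r} cannot identify a remote peer")
    if hit is not None and hit == ip:
        problems.append("PEER_HIT and PEER_IP are the same value")
    return problems


def map_command(peer_hit, peer_ip):
    """Return the hipconf command line for a valid pair, or raise ValueError."""
    problems = check_mapping(peer_hit, peer_ip)
    if problems:
        raise ValueError("; ".join(problems))
    hit, ip = ipaddress.ip_address(peer_hit), ipaddress.ip_address(peer_ip)
    return shlex.join(["tools/hipconf", "add", "map", str(hit), str(ip)])


if __name__ == "__main__":
    sample_hit = "2001:10:abcd:1234:5678:9abc:def0:1"  # constructed, not a real HIT
    for hit, ip in [(sample_hit, "3ffe::2"), (sample_hit, "fe80::1"),
                    ("HIT_OF_OOPS", "3ffe::2")]:
        try:
            print(map_command(hit, ip))
        except ValueError as err:
            print(f"rejected ({hit}, {ip}): {err}")
```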

See the log messages for information about the result of the HIP base exchange and USAGI IPSec negotiation. Tcpdump and ethereal are good tools for dumping the network traffic during the base exchange. For tcpdump, you can use "tcpdump -n -i any esp or proto 253 or port 50500" to catch HIP-only traffic.

There is also a program called "hipsetup" in the "hipl/test" directory for quick testing of the base exchange. Run it without arguments to see how it is used.