HIP and Miredo

Out of interest, professional and/or "just for the sake of it", I started figuring out how to use Miredo (Teredo implementation for Linux) with HIP. Oh and partly because yesterday I saw presentation about Miredo by the implementor. Also it has been talked on hipl-users mailinglist. So I have more than enough interest to see how this works.

It sounds like an easy task. Just "aptitude search miredo" and everything you need is found (Remember I am Ubuntu user so on other distros this might be different). Miredo itself and miredo-server. So, "sudo aptitude install miredo" on both peers and you will have miredo ready. Refer to the installation of HIPL to the manual provided by Infrahip project. About configuration of miredo you can refer to natisbad.com's manual or to the implementors site. See also the man pages, "man miredo". For me the defaults were OK.

After you have installed miredo packet on the peers You should see a teredo interface if you issue "ifconfig" command in your terminal. In the teredo interface you should see link local address and global scope address. To see if that everything is working you can start for example your tcpdump and ping the peer with the teredo interfaces IPv6 global scope teredo address. So, run on the responder side, "sudo tcpdump -i any -n host <initiators_IPv4>". Then on the initiator side run "ping6 <responders_teredo_addr>". Now you should see that by pinging the IPv6 teredo address of the responder you get answer to it and the responders tcpdump sees IPv4 traffic between the peers.

Now to the interesting part, what happens if HIP is put on top of teredo. So lets play around with the hosts files. Put the teredo address of the responder and a name to the /etc/hosts. Then use the same name and responders HIT and put them into /etc/hip/hosts. This can also be done with "hipconf add map" option dynamically without changing the hosts files.

Now run hipd on both peers (If the Responder has IPv6 it can communicate with the Teredo client through a Teredo relay without running Miredo itself) and on the initiator type into the following command into a terminal, "ping6 <HIT of responder>". Now you should get ping through and if you are still running the tcpdump on the responder you should see that the BEX was run and ESP is flowing between the peers (NOTE! that all traffic is UDP encapsulated). You can also check that "sudo hipconf get ha all" returns something similar than the following.

 Local HIT: 2001:0014:06cf:fae7:bb79:bf78:7d64:c056
 Peer  HIT: 2001:0011:8ed8:059b:95ff:0c8b:8aba:9c24
 Local LSI:
 Peer  LSI:
 Local IP: 2001:0000:53aa:064c:1cc2:48a2:7f29:8de5
 Peer  IP: 2001:0000:53aa:064c:041b:4f92:7f29:8e3b

This just shows that the Host Association is OK and in ESTABLISHED state. So as a conclusion it was maybe even too easy to get it working but still a nice change to the usual fighting with building/configuring/etc.

All of these manuals/tutorials are provided as is. They worked for me and that is all the help I give with them, so if I forgot something or there is a typo you can inform me but do not expect me to solve your problems :) Oh and almost forgot, use them at your own risk.