rohc team mailing list archive
Message #02007
Re: IPROHC certificate cannot be verified
Hi Didier,
*Testing between two public cloud servers*
I am testing between two public IP cloud servers. I am not sure about the NAT
settings, but iptables is not running. Below are the configured interfaces on
the server and client boxes.
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet X.X.X.X netmask 255.255.255.0 broadcast X.X.X.X
inet6 fe80::601:7cff:feb9:3701 prefixlen 64 scopeid 0x20<link>
ether 04:01:7c:b9:37:01 txqueuelen 1000 (Ethernet)
RX packets 141 bytes 16722 (16.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 201 bytes 24020 (23.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::601:7cff:feb9:3702 prefixlen 64 scopeid 0x20<link>
ether 04:01:7c:b9:37:02 txqueuelen 1000 (Ethernet)
RX packets 8 bytes 648 (648.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 14 bytes 1860 (1.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
*Testing over LAN*
I also tested between two Ubuntu boxes on a LAN setup. Now it seems the
client is connecting to the server properly. I tested PING requests between
client and servers. When I verified the packet transmission statistics, *all
packet sizes are shown as zero in the server statistics.* Please advise me
further.
https://rohc-lib.org/wiki/doku.php?id=iprohc-run
IPROHC version is 0.8.0 for both server and client.
I started the server and client using the commands below:
sudo iprohc_server -b eth0 &
sudo iprohc_client -r 192.168.0.119 -beth0 -i tun_ipip -P demoCA/certs/IpRohcClient1/client1.p12
Attached are the server and client logs of the server machines and the server
configuration file.
Below are the network interfaces on the local server.
eth0 Link encap:Ethernet HWaddr 00:19:66:66:0c:81
inet addr:192.168.0.119 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::219:66ff:fe66:c81/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:99050 errors:0 dropped:47 overruns:0 frame:0
TX packets:82909 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:15556076 (15.5 MB) TX bytes:13712924 (13.7 MB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:11994 errors:0 dropped:0 overruns:0 frame:0
TX packets:11994 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1015980 (1.0 MB) TX bytes:1015980 (1.0 MB)
tun_ipip Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:192.168.0.0 P-t-P:192.168.0.0 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1458 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
*Code changes while compiling iprohc on Ubuntu servers*
Also, I made code changes in iprohc, as I was unable to install iproute-dev
with apt-get on Ubuntu and was getting errors like "tun_helpers.c:31:24:
fatal error: libnetlink.h: No such file or directory".
I commented out code as shown below and made other changes as per a URL (I am
unable to find the URL now. I am trying to get it).
libiprohc_common_la_LIBADD = \
-lgnutls \
-lrohc
# -lnetlink
On Thu, Nov 5, 2015 at 2:30 PM, Didier Barvaux <didier@xxxxxxxxxxx> wrote:
> Hi,
>
> > Thank you, Didier,
> > Attached the logs with smaller size. Please verify and suggest me
> > further.
>
> You're welcome. I looked at the log files. I would say that the control
> channel established correctly but that the data channel doesn't. It
> could be related to NAT or filtering.
>
> Is there a NAT gateway or a network firewall between your client and
> your server?
>
> Regards,
> Didier
>
> PS: See the wiki for the terms control and data channels:
> https://rohc-lib.org/wiki/doku.php?id=iprohc-overview#software_architecture
Nov 9 00:23:49 hiral-jpc iprohc_client[2928]: MTU of underlying interface 'eth0' set to 1500 bytes
Nov 9 00:23:49 hiral-jpc iprohc_client[2928]: MTU of tunnel interface 'tun_ipip' set to 1458 bytes
Nov 9 00:23:49 hiral-jpc iprohc_client[2928]: local address 192.168.0.109:52966 is used to contact server
Nov 9 00:23:49 hiral-jpc iprohc_client[2928]: [192.168.0.119] new connection from 192.168.0.119:3126
Nov 9 00:23:49 hiral-jpc iprohc_client[2928]: tunnel thread started
Nov 9 00:23:49 hiral-jpc iprohc_client[2928]: start of thread
Nov 9 00:23:49 hiral-jpc iprohc_client[2928]: TLS handshake succeeded
Nov 9 00:23:49 hiral-jpc iprohc_client[2928]: remote certificate accepted
Nov 9 00:23:49 hiral-jpc iprohc_client[2928]: send connect message to remote peer
Nov 9 00:23:49 hiral-jpc iprohc_client[2928]: session is now fully established
Nov 9 00:34:51 hiral-jpc iprohc_client[2928]: user with UID 0 asked the IP/ROHC client to shutdown
Nov 9 00:34:51 hiral-jpc iprohc_client[2928]: client interrupted, interrupt established session
Nov 9 00:34:51 hiral-jpc iprohc_client[2928]: stop session
Nov 9 00:34:51 hiral-jpc iprohc_client[2928]: [main] ask client 192.168.0.119 to stop
Nov 9 00:34:51 hiral-jpc iprohc_client[2928]: close TLS session
Nov 9 00:34:51 hiral-jpc iprohc_client[2928]: end of thread
Nov 9 00:34:51 hiral-jpc iprohc_client[2928]: close session
Nov 9 00:34:51 hiral-jpc iprohc_client[2928]: free TLS resources
Attachment:
iprohc_server.conf
Description: Binary data
Nov 9 00:23:31 jpcbackup iprohc_server[15585]: 65535 IP addresses available for 50 clients in IP range 192.168.0.0/16
Nov 9 00:23:31 jpcbackup iprohc_server[15585]: Max clients : 50
Nov 9 00:23:31 jpcbackup iprohc_server[15585]: Port : 3126
Nov 9 00:23:31 jpcbackup iprohc_server[15585]: P12 file : /etc/ssl/server_voip.p12
Nov 9 00:23:31 jpcbackup iprohc_server[15585]: Pidfile : /var/run/iprohc_server.pid
Nov 9 00:23:31 jpcbackup iprohc_server[15585]: Tunnel params :
Nov 9 00:23:31 jpcbackup iprohc_server[15585]: . Local IP : 192.168.0.0/16
Nov 9 00:23:31 jpcbackup iprohc_server[15585]: . Packing : 5
Nov 9 00:23:31 jpcbackup iprohc_server[15585]: . Max cid : 15
Nov 9 00:23:31 jpcbackup iprohc_server[15585]: . Unid : 0
Nov 9 00:23:31 jpcbackup iprohc_server[15585]: . Keepalive : 60
Nov 9 00:23:31 jpcbackup iprohc_server[15585]: [main] set system limit for the number of file descriptors to 520
Nov 9 00:23:31 jpcbackup iprohc_server[15585]: [main] load server certificate from file '/etc/ssl/server_voip.p12'
Nov 9 00:23:31 jpcbackup iprohc_server[15585]: [main] generate Diffie–Hellman parameters (it takes a few seconds)
Nov 9 00:23:31 jpcbackup iprohc_server[15585]: [main] listen on TCP 0.0.0.0:3126
Nov 9 00:23:31 jpcbackup iprohc_server[15585]: [main] create TUN interface
Nov 9 00:23:31 jpcbackup iprohc_server[15585]: MTU of underlying interface 'eth0' set to 1500 bytes
Nov 9 00:23:31 jpcbackup iprohc_server[15585]: MTU of tunnel interface 'tun_ipip' set to 1458 bytes
Nov 9 00:23:31 jpcbackup iprohc_server[15585]: [main] start TUN routing thread
Nov 9 00:23:31 jpcbackup iprohc_server[15585]: [main] create RAW socket
Nov 9 00:23:31 jpcbackup iprohc_server[15585]: [main] start RAW routing thread
Nov 9 00:23:31 jpcbackup iprohc_server[15585]: [main] server is now ready to accept requests from clients
Nov 9 00:23:31 jpcbackup iprohc_server[15585]: [route] Initializing routing thread
Nov 9 00:23:31 jpcbackup iprohc_server[15585]: [route] Initializing routing thread
Nov 9 00:23:49 jpcbackup iprohc_server[15585]: [main] new connection from client
Nov 9 00:23:49 jpcbackup iprohc_server[15585]: [main] will store client 1/50 at index 0
Nov 9 00:23:49 jpcbackup iprohc_server[15585]: [192.168.0.109] new connection from 192.168.0.109:52966
Nov 9 00:23:49 jpcbackup iprohc_server[15585]: start of thread
Nov 9 00:23:49 jpcbackup iprohc_server[15585]: TLS handshake succeeded
Nov 9 00:23:49 jpcbackup iprohc_server[15585]: remote certificate accepted
Nov 9 00:23:49 jpcbackup iprohc_server[15585]: [client 192.168.0.109] connection request received from client
Nov 9 00:23:49 jpcbackup iprohc_server[15585]: [client 192.168.0.109] connection asked, negotating parameters
Nov 9 00:23:49 jpcbackup iprohc_server[15585]: [client 192.168.0.109] connection asked, negotating parameters (proto version = 2, asked packing = 0)
Nov 9 00:23:49 jpcbackup iprohc_server[15585]: [client 192.168.0.109] client fully established session
Nov 9 00:24:45 jpcbackup iprohc_server[15585]: [main] dump stats for all clients
Nov 9 00:24:45 jpcbackup iprohc_server[15585]: [main] [client 192.168.0.109] --------------------------------------------
Nov 9 00:24:45 jpcbackup iprohc_server[15585]: [main] [client 192.168.0.109] status: connected
Nov 9 00:24:45 jpcbackup iprohc_server[15585]: [main] [client 192.168.0.109] packing: 5
Nov 9 00:24:45 jpcbackup iprohc_server[15585]: [main] [client 192.168.0.109] stats:
Nov 9 00:24:45 jpcbackup iprohc_server[15585]: [main] [client 192.168.0.109] failed decompression: 0
Nov 9 00:24:45 jpcbackup iprohc_server[15585]: [main] [client 192.168.0.109] total decompression: 0
Nov 9 00:24:45 jpcbackup iprohc_server[15585]: [main] [client 192.168.0.109] failed compression: 0
Nov 9 00:24:45 jpcbackup iprohc_server[15585]: [main] [client 192.168.0.109] total compression: 0
Nov 9 00:24:45 jpcbackup iprohc_server[15585]: [main] [client 192.168.0.109] failed depacketization: 0
Nov 9 00:24:45 jpcbackup iprohc_server[15585]: [main] [client 192.168.0.109] total received packets on raw: 0
Nov 9 00:24:45 jpcbackup iprohc_server[15585]: [main] [client 192.168.0.109] total compressed header size: 0 bytes
Nov 9 00:24:45 jpcbackup iprohc_server[15585]: [main] [client 192.168.0.109] total compressed packet size: 0 bytes
Nov 9 00:24:45 jpcbackup iprohc_server[15585]: [main] [client 192.168.0.109] total header size before comp: 0 bytes
Nov 9 00:24:45 jpcbackup iprohc_server[15585]: [main] [client 192.168.0.109] total packet size before comp: 0 bytes
Nov 9 00:24:45 jpcbackup iprohc_server[15585]: [main] [client 192.168.0.109] stats packing:
Nov 9 00:24:45 jpcbackup iprohc_server[15585]: [main] [client 192.168.0.109] 1 packets: 0
Nov 9 00:24:45 jpcbackup iprohc_server[15585]: [main] [client 192.168.0.109] 2 packets: 0
Nov 9 00:24:45 jpcbackup iprohc_server[15585]: [main] [client 192.168.0.109] 3 packets: 0
Nov 9 00:24:45 jpcbackup iprohc_server[15585]: [main] [client 192.168.0.109] 4 packets: 0
Nov 9 00:24:45 jpcbackup iprohc_server[15585]: [main] [client 192.168.0.109] 5 packets: 0
Nov 9 00:24:45 jpcbackup iprohc_server[15585]: [main] [client 192.168.0.109] --------------------------------------------
Nov 9 00:24:45 jpcbackup iprohc_server[15585]: [main] end of stats dump
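The condition named in the quoted reply (control channel established, data channel carrying nothing) can be checked mechanically from the server's stats dump. This is an added example, not part of the original message or of the IP/ROHC project: the counter names come from the server log above, treating them as data-channel activity is an assumption, and the lines for client 192.168.0.110 are constructed.

```python
import re
from collections import defaultdict

# Lines for 192.168.0.109 are taken from the server log in this message;
# the lines for 192.168.0.110 are constructed to show a client with traffic.
SAMPLE = """\
Nov 9 00:23:49 jpcbackup iprohc_server[15585]: [client 192.168.0.109] client fully established session
Nov 9 00:24:45 jpcbackup iprohc_server[15585]: [main] [client 192.168.0.109] status: connected
Nov 9 00:24:45 jpcbackup iprohc_server[15585]: [main] [client 192.168.0.109] total decompression: 0
Nov 9 00:24:45 jpcbackup iprohc_server[15585]: [main] [client 192.168.0.109] total compression: 0
Nov 9 00:24:45 jpcbackup iprohc_server[15585]: [main] [client 192.168.0.109] total received packets on raw: 0
Nov 9 00:24:45 jpcbackup iprohc_server[15585]: [main] [client 192.168.0.110] status: connected
Nov 9 00:24:45 jpcbackup iprohc_server[15585]: [main] [client 192.168.0.110] total decompression: 40
Nov 9 00:24:45 jpcbackup iprohc_server[15585]: [main] [client 192.168.0.110] total compression: 38
Nov 9 00:24:45 jpcbackup iprohc_server[15585]: [main] [client 192.168.0.110] total received packets on raw: 12
"""

CLIENT = re.compile(r"\[client (?P<ip>[0-9a-fA-F.:]+)\]\s+(?P<msg>.*)$")
COUNTER = re.compile(r"^(?P<name>[a-z0-9 ]+?):\s+(?P<val>\d+)(?: bytes)?$")
# Assumption: these counters stay at 0 only while no tunnel traffic is processed.
DATA_COUNTERS = ("total decompression", "total compression",
                 "total received packets on raw")

def parse_stats(lines):
    """Return {client_ip: {"connected": bool, "counters": {name: int}}}."""
    clients = defaultdict(lambda: {"connected": False, "counters": {}})
    for line in lines:
        m = CLIENT.search(line)
        if not m:
            continue
        entry, msg = clients[m["ip"]], m["msg"].strip()
        if "fully established session" in msg or re.fullmatch(r"status:\s+connected", msg):
            entry["connected"] = True
        elif (c := COUNTER.match(msg)):
            entry["counters"][c["name"]] = int(c["val"])  # latest dump wins
    return dict(clients)

def silent_data_channel(clients):
    """Clients whose session is up but whose data counters are all 0.
    A client with no stats dump yet is not flagged (no evidence either way)."""
    flagged = []
    for ip, entry in clients.items():
        values = [entry["counters"].get(name) for name in DATA_COUNTERS]
        if entry["connected"] and None not in values and not any(values):
            flagged.append(ip)
    return sorted(flagged)

if __name__ == "__main__":
    for ip in silent_data_channel(parse_stats(SAMPLE.splitlines())):
        print(f"{ip}: session established, no data-channel traffic; check NAT/filtering")
```
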