Installation

From OpenHIP

This section describes how to build, from source or installer program, the binaries needed to run HIP. At the end of this process, you should have created hip and hitgen binaries, and installed them into an appropriate target directory in your path. You then need to proceed to the Configuration step.

Contents 1 Getting Started 1.1 Supported Platforms 1.2 Prerequisites 1.3 Target directories 1.4 Obtaining the software 2 Linux user-mode 2.1 Building from source on Linux in User-mode 2.2 RPM Installation 2.3 DEB Installation 3 Linux kernel-mode 3.1 Building from source on Linux with kernel patch 4 Windows 4.1 Windows Installation 4.2 Building from source on Windows XP 4.3 Old instructions for Building from source on Cygwin 5 Mac OS X 5.1 OS X installer 5.2 Building from source on OS X in User-mode 6 FreeBSD 7 Building Releases 8 Troubleshooting

Getting Started

Supported Platforms

The HIP software runs on 32-bit Windows, OS X (10.4.6 through 10.4.10 are supported, both PowerPC and Intel architectures), and recent versions of 32-bit or 64-bit Linux.

There are two ways to run this HIP software, depending on your operating system and whether or not you want to patch your kernel:

1. entirely in userspace, for Linux (user-mode HIP, or UMH), OS X, and Windows XP (HIP for Windows service or console app)
2. with kernel support, for Linux only

Both architectures consist of a user-space HIP daemon (hip) and patches to IPsec tools. Also included is a hitgen utility used for initial setup and generating Host Identities, and scripts for setting up HIP.

Prerequisites

The daemon requires the following libraries (the most recently tested version are listed in parenthesis, but these exact versions are not required):

• openssl (0.9.8g) cryptographic libraries
• libxml2 (2.6.32) XML libraries
• (kernel-mode only) libipsec from ipsec-tools (0.6.6 patched with ipsec-tools-0.6.6-hip.patch) only if you are using the Linux kernel version

The XML library is used for generating and parsing all of hipd's configuration files. The cryptographic library provides hashing (SHA, MD5, HMAC), encryption (3DES, BLOWFISH, AES), and public key signing/verification (RSA, DSA). Libipsec is used to send PFKEY messages that manage the IPsec security associations.

Here is a set of packages you will likely need if trying to install on a minimal Linux machine (based on Debian package names):

 pkg-config libxml2 libxml2-dev gcc g++ make automake autoconf binutils openssh-server openssl libssl-dev

Target directories

By default, when building from source or when installing the RPMs or OS X installer, "make install" will install the the hip and hitgen binaries files in /usr/local/sbin/, and later configuration files in /usr/local/etc/hip/.

You can specify an installation prefix other than usr/local/ by giving configure the option "--prefix=PREFIX. Examples:

• ./configure --prefix=`pwd`    will install the software in the hip/sbin/ and hip/etc/hip/ directories and not in any system directories; this may be preferable if you are just trying HIP and don't want an install that touches the system
• ./configure --prefix=/    will install the software in the /sbin/ directory, and correspondingly, the configuration files will be deposited in /etc/hip/ directory.

Or you can skip the make install step and manually move the binary and configuration files where you want them later.

On Windows, the default installation directory is C:\Program Files\OpenHIP\

Obtaining the software

OpenHIP binary releases are available from the SourceForge download area.

To build from source you should download the platform-independent hip-n.n.tgz source tarball from the SourceForge download area, or grab the lastest development version from the SourceForge subversion repo.

Linux user-mode

Building from source on Linux in User-mode

Instructions for building HIP on Linux without modifying the Linux kernel.

RPM Installation

How to install user-mode HIP from the RedHat RPM package.

DEB Installation

How to install user-mode HIP from the Debian DEB package.

Linux kernel-mode

Building from source on Linux with kernel patch

Instructions for setting up a HIP development environment for HIP with kernel support.

Windows

Windows Installation

A binary Windows installer is available for 32-bit versions of Windows XP, Windows Vista, and Windows 7. This has not been tested on 64-bit Windows systems, it may work. Run the openhip-n.n-install.exe program. The program will ask you to accept the license agreement, configure a host identities, and may raise a dialog box asking for permission to install a TAP-Win32 driver. After completion, the OpenHIP programs are available in the Start menu, as well as an uninstaller.

Building from source on Windows XP

Instructions for compiling a native 32-bit version of HIP with MSVC++.

Old instructions for Building from source on Cygwin

Note: These instructions pertain only to older versions of OpenHIP. Cygwin is no longer supported.

Mac OS X

OS X installer

An OS X universal binary installer is available at the download site. After downloading openhip-n.n.dmg from the download site, mount the disk image and double-click on the installer executable. The installer will prompt you to accept the license agreement, allow customization of installation parameters and will launch an application that will allow you to configure a host identity and generate a configuration for the hip daemon.

After a successfull install, the openhip readme will be displayed. The readme contains more information on invoking, configuring and uninstalling openhip.

Building from source on OS X in User-mode

Instructions for building HIP on OS X without modifying the OS X kernel.

FreeBSD

We are seeking a developer interested in porting to BSD.

Building Releases

The Building Releases page describes the build process for creating installers on the various platforms.

Troubleshooting

This section describes some problems that users have found in installing or running OpenHIP, and the resolutions, if any.

• configure fails; no package libxml-2.0 found

• Description: ./configure fails with this error

checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for HIP... configure: error: Package requirements (libxml-2.0) were not met:

No package 'libxml-2.0' found

• OpenHIP version: hip-0.5 and later
• Platform: Linux
• Resolution: (pending)

• Cannot compile patched ipsec-tools

• Reported by: Zalavary Akos, Goerges Papas
• Description: After patching ipsec-tools successfully, configure fails with the following error.

./configure :line 23322:syntax error near unexpected token "MD5_Init"
./configure :line 23322:"RACOON_PATH_LIBS(MD5_Init, crypto)"
make [config.status] Error 2 

• OpenHIP version: hipd-0.3.1 and later
• Platform: UHU linux (also SuSE Linux), libxml, openssl
• Mailing list reference: http://sourceforge.net/mailarchive/forum.php?thread_id=9081818&forum_id=45227
• Resolution: (Contributed by Derek S) Run the "bootstrap" script before configure.

• User-mode HIP dies in "make hitgen" step

• Reported by: Tom Henderson
• Description: "make hitgen" dies as follows:

gcc -Wall -O2 -DCONFIG_HIP -I/usr/include/libxml2    -c -o hip_globals.o hip_globals.c
gcc -Wall -O2 -DCONFIG_HIP -I/usr/include/libxml2    -c -o hip_ipsec.o hip_ipsec.c
hip_ipsec.c: In function `sadb_readdress':
hip_ipsec.c:464: error: `SADB_READDRESS' undeclared (first use in this function)
hip_ipsec.c:464: error: (Each undeclared identifier is reported only once
hip_ipsec.c:464: error: for each function it appears in.)
hip_ipsec.c: In function `sadb_lsi':
hip_ipsec.c:755: error: `SADB_HIP_ACQUIRE' undeclared (first use in this function)  
etc...                                                                            

• OpenHIP version: hipd-0.3.1
• Platform: User-Mode HIP for Linux
• Mailing list reference: None
• Resolution: This will be fixed in next release of hipd. For now, this patch will help:

--- hip_ipsec.c 12 Jan 2006 00:13:52 -0000      1.53
+++ hip_ipsec.c 18 Jan 2006 23:13:25 -0000
@@ -57,6 +57,19 @@

 #define IPSEC_PFKEYv2_ALIGN (sizeof(uint64_t) / sizeof(uint8_t))

+/* XXX these are needed for Linux UML compilation
+ * Should be instead handled by configure process
+ */
+#ifndef SADB_GETSEQ
+#define SADB_GETSEQ    24
+#define SADB_GETLSI    25
+#define SADB_READDRESS   26
+#define SADB_HIP_ACQUIRE 27
+#define SADB_HIP_ADD   28
+#undef SADB_MAX
+#define SADB_MAX   29
+#endif
+
 #ifdef DUMMY_FUNCTIONS
 /* dummy prototypes for libipsec provided routines */
 int pfkey_send_hip_x1 (int a, u_int b, u_int c, u_int d, struct sockaddr *e,

• undefined reference to "pfkey_send_rea"

• Reported by: Tom Henderson
• Description: The linking stage of building "hip" in win32/ directory fails as follows:

gcc hip_dns.o hip_esp.o hip_pfkey.o hip_sadb.o hip_status2.o hip_umh.o ../src/*.o -o hip 
-lcrypto -lpthread -lipsec -L/usr/lib -lxml2 -lz -lm -Wall -O2 -DCONFIG_HIP
../src/hip_ipsec.o: In function `sadb_readdress':
/home/tomh/hip/hipd/src/hip_ipsec.c:495: undefined reference to `pfkey_send_rea'
../src/hip_ipsec.o: In function `sadb_add':
/home/tomh/hip/hipd/src/hip_ipsec.c:388: undefined reference to `pfkey_send_hip_x1'
collect2: ld returned 1 exit status
make: *** [umh] Error 1

• OpenHIP version: hipd-0.3.3 (possibly earlier too)
• Platform: SuSE 10
• Resolution: This indicates perhaps that your library path is picking up an existing libipsec rather than the patched one. Confirm that your LD_LIBRARY_PATH environment variable will make sure that the patched libipsec is picked up first, or else edit the Makefile in win32/ directory with an explicit path to the libipsec library such as -L/usr/local/lib *before* the appearance of -lcrypto.