This section describes how to install the HIP software using binary packages or by building from source.
At the end of this process, you should have
hitgen binaries installed into an appropriate target directory in your path. You then need to proceed to the Configuration step.
- 1 Getting Started
- 2 Linux
- 3 Windows
- 4 Mac OS X
- 5 FreeBSD
- 6 Building Releases
- 7 Troubleshooting
The HIP software runs on 32-bit Windows and recent versions of 32-bit or 64-bit Linux. OS X (10.4.6 through 10.4.10, both PowerPC and Intel architectures), was supported in the past, but OS X is not actively maintained at the moment.
In the past, there were two ways to run this HIP software, depending on your operating system and whether or not you want to patch your kernel:
- entirely in userspace, for Linux (user-mode HIP, or UMH), OS X, and Windows XP (HIP for Windows service or console app)
- with kernel support, for Linux only
Both architectures consist of a user-space HIP daemon (hip) and patches to IPsec tools. Also included is a hitgen utility used for initial setup and generating Host Identities, and scripts for setting up HIP.
As of OpenHIP 0.9, only the userspace mode is supported.
The daemon requires the following libraries (the most recently tested version are listed in parenthesis, but these exact versions are not required):
The XML library is used for generating and parsing all of hipd's configuration files. The cryptographic library provides hashing (SHA, MD5, HMAC), encryption (3DES, BLOWFISH, AES), and public key signing/verification (RSA, DSA).
Here is a set of packages you will likely need if trying to install on a minimal Linux machine (based on Debian package names):
pkg-config libxml2 libxml2-dev gcc g++ make automake autoconf binutils openssh-server openssl libssl-dev
Here is a set of packages to install on a minimal Fedora-based Linux machine (tested on Fedora Core 18):
pkgconfig libxml2-devel gcc gcc-c++ make automake autoconf binutils openssh-server openssl-devel
By default, when building from source, "
make install" will install the these files:
/usr/local/sbin/hip /usr/local/sbin/hitgen /usr/local/sbin/hipstatus /usr/local/etc/hip/known_host_identites.xml
Installation from a binary package typically installs these files:
/usr/sbin/hip /usr/sbin/hitgen /usr/sbin/hipstatus /etc/hip/known_host_identites.xml
When configuring the source, you can specify an installation prefix other than
usr/local/ by giving
configure the option "
DESTDIR environment variable determines where to install using the given prefix.
DESTDIR=/home/username make installwill install the software in a user's home directory, and not in in the system; this may be preferable if you are just trying HIP and don't want an install that touches the system
./configure --prefix=/will install the software in the
/sbin/directory, and correspondingly, the configuration files will be deposited in
Or you can skip the
make install step and manually move the binary and configuration files where you want them later.
On Windows, the default installation directory is
Obtaining the software
OpenHIP binary releases are available from the SourceForge download area.
To build from source you should download the platform-independent openhip-n.n.tgz source tarball from the SourceForge download area, or grab the lastest development version from the SourceForge subversion repo.
Note: Development is moving to Bitbucket openhip project for HIPv1 maintenance and a new HIPv2 feature branch.
Instructions for building HIP on Linux.
How to install HIP from the RedHat RPM package.
How to install HIP from the Debian DEB package.
A binary Windows installer is available for 32-bit versions of Windows XP, Windows Vista, and Windows 7. This has not been tested on 64-bit Windows systems, it may work. Run the openhip-n.n-install.exe program. The program will ask you to accept the license agreement, configure a host identities, and may raise a dialog box asking for permission to install a TAP-Win32 driver. After completion, the OpenHIP programs are available in the Start menu, as well as an uninstaller.
Instructions for compiling a native 32-bit version of HIP with MSVC++.
Old instructions for Building from source on Cygwin
Note: These instructions pertain only to older versions of OpenHIP. Cygwin is no longer supported.
Mac OS X
OS X installer
An OS X universal binary installer is available at the download site. After downloading openhip-n.n.dmg from the download site, mount the disk image and double-click on the installer executable. The installer will prompt you to accept the license agreement, allow customization of installation parameters and will launch an application that will allow you to configure a host identity and generate a configuration for the hip daemon.
After a successfull install, the openhip readme will be displayed. The readme contains more information on invoking, configuring and uninstalling openhip.
Instructions for building HIP on OS X without modifying the OS X kernel.
We are seeking a developer interested in porting to BSD.
The Building Releases page describes the build process for creating installers on the various platforms.
This section describes some problems that users have found in installing or running OpenHIP, and the resolutions, if any.
- configure fails; no package libxml-2.0 found
- Description: ./configure fails with this error
checking for pkg-config... /usr/bin/pkg-config checking pkg-config is at least version 0.9.0... yes checking for HIP... configure: error: Package requirements (libxml-2.0) were not met: No package 'libxml-2.0' found
- OpenHIP version: hip-0.5 and later
- Platform: Linux
- Resolution: (pending)
- Cannot compile patched ipsec-tools
- Reported by: Zalavary Akos, Goerges Papas
- Description: After patching ipsec-tools successfully, configure fails with the following error.
./configure :line 23322:syntax error near unexpected token "MD5_Init" ./configure :line 23322:"RACOON_PATH_LIBS(MD5_Init, crypto)" make [config.status] Error 2
- OpenHIP version: hipd-0.3.1 and later
- Platform: UHU linux (also SuSE Linux), libxml, openssl
- Mailing list reference: http://sourceforge.net/mailarchive/forum.php?thread_id=9081818&forum_id=45227
- Resolution: (Contributed by Derek S) Run the "bootstrap" script before configure.
- User-mode HIP dies in "make hitgen" step
- Reported by: Tom Henderson
- Description: "make hitgen" dies as follows:
gcc -Wall -O2 -DCONFIG_HIP -I/usr/include/libxml2 -c -o hip_globals.o hip_globals.c gcc -Wall -O2 -DCONFIG_HIP -I/usr/include/libxml2 -c -o hip_ipsec.o hip_ipsec.c hip_ipsec.c: In function `sadb_readdress': hip_ipsec.c:464: error: `SADB_READDRESS' undeclared (first use in this function) hip_ipsec.c:464: error: (Each undeclared identifier is reported only once hip_ipsec.c:464: error: for each function it appears in.) hip_ipsec.c: In function `sadb_lsi': hip_ipsec.c:755: error: `SADB_HIP_ACQUIRE' undeclared (first use in this function) etc...
- OpenHIP version: hipd-0.3.1
- Platform: User-Mode HIP for Linux
- Mailing list reference: None
- Resolution: This will be fixed in next release of hipd. For now, this patch will help:
--- hip_ipsec.c 12 Jan 2006 00:13:52 -0000 1.53 +++ hip_ipsec.c 18 Jan 2006 23:13:25 -0000 @@ -57,6 +57,19 @@ #define IPSEC_PFKEYv2_ALIGN (sizeof(uint64_t) / sizeof(uint8_t)) +/* XXX these are needed for Linux UML compilation + * Should be instead handled by configure process + */ +#ifndef SADB_GETSEQ +#define SADB_GETSEQ 24 +#define SADB_GETLSI 25 +#define SADB_READDRESS 26 +#define SADB_HIP_ACQUIRE 27 +#define SADB_HIP_ADD 28 +#undef SADB_MAX +#define SADB_MAX 29 +#endif + #ifdef DUMMY_FUNCTIONS /* dummy prototypes for libipsec provided routines */ int pfkey_send_hip_x1 (int a, u_int b, u_int c, u_int d, struct sockaddr *e,
- undefined reference to "pfkey_send_rea"
- Reported by: Tom Henderson
- Description: The linking stage of building "hip" in win32/ directory fails as follows:
gcc hip_dns.o hip_esp.o hip_pfkey.o hip_sadb.o hip_status2.o hip_umh.o ../src/*.o -o hip -lcrypto -lpthread -lipsec -L/usr/lib -lxml2 -lz -lm -Wall -O2 -DCONFIG_HIP ../src/hip_ipsec.o: In function `sadb_readdress': /home/tomh/hip/hipd/src/hip_ipsec.c:495: undefined reference to `pfkey_send_rea' ../src/hip_ipsec.o: In function `sadb_add': /home/tomh/hip/hipd/src/hip_ipsec.c:388: undefined reference to `pfkey_send_hip_x1' collect2: ld returned 1 exit status make: *** [umh] Error 1
- OpenHIP version: hipd-0.3.3 (possibly earlier too)
- Platform: SuSE 10
- Resolution: This indicates perhaps that your library path is picking up an existing libipsec rather than the patched one. Confirm that your LD_LIBRARY_PATH environment variable will make sure that the patched libipsec is picked up first, or else edit the Makefile in win32/ directory with an explicit path to the libipsec library such as -L/usr/local/lib *before* the appearance of -lcrypto.