From OpenHIP
Jump to: navigation, search

Main Page - Overview - Installation - Configuration - Usage - Contributing - Doxygen - Links

This section describes how to install the HIP software using binary packages or by building from source.

At the end of this process, you should have hip and hitgen binaries installed into an appropriate target directory in your path. You then need to proceed to the Configuration step.

Getting Started

Supported Platforms

The HIP software runs on 32-bit Windows and recent versions of 32-bit or 64-bit Linux. OS X (10.4.6 through 10.4.10, both PowerPC and Intel architectures), was supported in the past, but OS X is not actively maintained at the moment.

In the past, there were two ways to run this HIP software, depending on your operating system and whether or not you want to patch your kernel:

  1. entirely in userspace, for Linux (user-mode HIP, or UMH), OS X, and Windows XP (HIP for Windows service or console app)
  2. with kernel support, for Linux only

Both architectures consist of a user-space HIP daemon (hip) and patches to IPsec tools. Also included is a hitgen utility used for initial setup and generating Host Identities, and scripts for setting up HIP.

As of OpenHIP 0.9, only the userspace mode is supported.


The daemon requires the following libraries (the most recently tested version are listed in parenthesis, but these exact versions are not required):

  • openssl (1.0.0e) cryptographic libraries
  • libxml2 (2.7.8) XML libraries

The XML library is used for generating and parsing all of hipd's configuration files. The cryptographic library provides hashing (SHA, MD5, HMAC), encryption (3DES, BLOWFISH, AES), and public key signing/verification (RSA, DSA).

Here is a set of packages you will likely need if trying to install on a minimal Linux machine (based on Debian package names):

 pkg-config libxml2 libxml2-dev gcc g++ make automake autoconf binutils openssh-server openssl libssl-dev

Here is a set of packages to install on a minimal Fedora-based Linux machine (tested on Fedora Core 18):

 pkgconfig libxml2-devel gcc gcc-c++ make automake autoconf binutils openssh-server openssl-devel

Target directories

By default, when building from source, "make install" will install the these files:


Installation from a binary package typically installs these files:


When configuring the source, you can specify an installation prefix other than usr/local/ by giving configure the option "--prefix=PREFIX". The DESTDIR environment variable determines where to install using the given prefix.

  • DESTDIR=/home/username make install    will install the software in a user's home directory, and not in in the system; this may be preferable if you are just trying HIP and don't want an install that touches the system
  • ./configure --prefix=/    will install the software in the /sbin/ directory, and correspondingly, the configuration files will be deposited in /etc/hip/ directory.

Or you can skip the make install step and manually move the binary and configuration files where you want them later.

On Windows, the default installation directory is C:\Program Files\OpenHIP\.

Obtaining the software

OpenHIP binary releases are available from the SourceForge download area.

To build from source you should download the platform-independent openhip-n.n.tgz source tarball from the SourceForge download area, or grab the lastest development version from the SourceForge subversion repo.

Note: Development is moving to Bitbucket openhip project for HIPv1 maintenance and a new HIPv2 feature branch.


Building from source on Linux in User-mode

Instructions for building HIP on Linux.

RPM Installation

How to install HIP from the RedHat RPM package.

DEB Installation

How to install HIP from the Debian DEB package.


Windows Installation

A binary Windows installer is available for 32-bit versions of Windows XP, Windows Vista, and Windows 7. This has not been tested on 64-bit Windows systems, it may work. Run the openhip-n.n-install.exe program. The program will ask you to accept the license agreement, configure a host identities, and may raise a dialog box asking for permission to install a TAP-Win32 driver. After completion, the OpenHIP programs are available in the Start menu, as well as an uninstaller.

Building from source on Windows XP

Instructions for compiling a native 32-bit version of HIP with MSVC++.

Old instructions for Building from source on Cygwin

Note: These instructions pertain only to older versions of OpenHIP. Cygwin is no longer supported.

Mac OS X

OS X installer

An OS X universal binary installer is available at the download site. After downloading openhip-n.n.dmg from the download site, mount the disk image and double-click on the installer executable. The installer will prompt you to accept the license agreement, allow customization of installation parameters and will launch an application that will allow you to configure a host identity and generate a configuration for the hip daemon.

After a successfull install, the openhip readme will be displayed. The readme contains more information on invoking, configuring and uninstalling openhip.

Building from source on OS X in User-mode

Instructions for building HIP on OS X without modifying the OS X kernel.


We are seeking a developer interested in porting to BSD.

Building Releases

The Building Releases page describes the build process for creating installers on the various platforms.


This section describes some problems that users have found in installing or running OpenHIP, and the resolutions, if any.

  • configure fails; no package libxml-2.0 found
  • Description: ./configure fails with this error
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for HIP... configure: error: Package requirements (libxml-2.0) were not met:

No package 'libxml-2.0' found
  • OpenHIP version: hip-0.5 and later
  • Platform: Linux
  • Resolution: (pending)

  • Cannot compile patched ipsec-tools
  • Reported by: Zalavary Akos, Goerges Papas
  • Description: After patching ipsec-tools successfully, configure fails with the following error.
./configure :line 23322:syntax error near unexpected token "MD5_Init"
./configure :line 23322:"RACOON_PATH_LIBS(MD5_Init, crypto)"
make [config.status] Error 2 
  • User-mode HIP dies in "make hitgen" step
  • Reported by: Tom Henderson
  • Description: "make hitgen" dies as follows:
gcc -Wall -O2 -DCONFIG_HIP -I/usr/include/libxml2    -c -o hip_globals.o hip_globals.c
gcc -Wall -O2 -DCONFIG_HIP -I/usr/include/libxml2    -c -o hip_ipsec.o hip_ipsec.c
hip_ipsec.c: In function `sadb_readdress':
hip_ipsec.c:464: error: `SADB_READDRESS' undeclared (first use in this function)
hip_ipsec.c:464: error: (Each undeclared identifier is reported only once
hip_ipsec.c:464: error: for each function it appears in.)
hip_ipsec.c: In function `sadb_lsi':
hip_ipsec.c:755: error: `SADB_HIP_ACQUIRE' undeclared (first use in this function)  
  • OpenHIP version: hipd-0.3.1
  • Platform: User-Mode HIP for Linux
  • Mailing list reference: None
  • Resolution: This will be fixed in next release of hipd. For now, this patch will help:
--- hip_ipsec.c 12 Jan 2006 00:13:52 -0000      1.53
+++ hip_ipsec.c 18 Jan 2006 23:13:25 -0000
@@ -57,6 +57,19 @@

 #define IPSEC_PFKEYv2_ALIGN (sizeof(uint64_t) / sizeof(uint8_t))

+/* XXX these are needed for Linux UML compilation
+ * Should be instead handled by configure process
+ */
+#ifndef SADB_GETSEQ
+#define SADB_GETSEQ    24
+#define SADB_GETLSI    25
+#define SADB_READDRESS   26
+#define SADB_HIP_ACQUIRE 27
+#define SADB_HIP_ADD   28
+#undef SADB_MAX
+#define SADB_MAX   29
 /* dummy prototypes for libipsec provided routines */
 int pfkey_send_hip_x1 (int a, u_int b, u_int c, u_int d, struct sockaddr *e,
  • undefined reference to "pfkey_send_rea"
  • Reported by: Tom Henderson
  • Description: The linking stage of building "hip" in win32/ directory fails as follows:
gcc hip_dns.o hip_esp.o hip_pfkey.o hip_sadb.o hip_status2.o hip_umh.o ../src/*.o -o hip 
-lcrypto -lpthread -lipsec -L/usr/lib -lxml2 -lz -lm -Wall -O2 -DCONFIG_HIP
../src/hip_ipsec.o: In function `sadb_readdress':
/home/tomh/hip/hipd/src/hip_ipsec.c:495: undefined reference to `pfkey_send_rea'
../src/hip_ipsec.o: In function `sadb_add':
/home/tomh/hip/hipd/src/hip_ipsec.c:388: undefined reference to `pfkey_send_hip_x1'
collect2: ld returned 1 exit status
make: *** [umh] Error 1
  • OpenHIP version: hipd-0.3.3 (possibly earlier too)
  • Platform: SuSE 10
  • Resolution: This indicates perhaps that your library path is picking up an existing libipsec rather than the patched one. Confirm that your LD_LIBRARY_PATH environment variable will make sure that the patched libipsec is picked up first, or else edit the Makefile in win32/ directory with an explicit path to the libipsec library such as -L/usr/local/lib *before* the appearance of -lcrypto.