MD5 authentication in quagga

Алексей Блинков alexey.blinkov at
Wed Apr 15 14:05:22 UTC 2009

Hi. I have a problem with Subj. In mailing list quagga me say for
mailing to frebsd list.


It is well documented that md5 'password' authentication for bgpd works,
but only for outgoing packets... there is no way for FreeBSD (to my
knowledge) to actually verify packets inbound.'s better than nothing ;)

First one. My configuration in FreeBSD 7.1




add x.x.x.x y.y.y.y tcp 0x1000 -A tcp-md5 "*********";


x.x.x.x - IP local side
y.y.y.y - IP remote side
******** - password

Next. My kernel was rebuilded with next options:

options IPSEC
device crypto
device cryptodev
device cryptodev

Now i set password to bgp neighbor

quagga-router(config router)# neighbor y.y.y.y password ********

And clear session

quagga-router(config router)# do clear ip bgp y.y.y.y

In remote side PASSWORD NOT SET YET, but bgp session passes to state
UP, and network prefixes sending from local to remote side and vice

But neigborship must no upping if password not coincide...

С уважением Алексей Блинков

More information about the freebsd-net mailing list