MD5 authentication in quagga
Алексей Блинков
alexey.blinkov at gmail.com
Wed Apr 15 14:05:22 UTC 2009
Hi. I have a problem with the subject. On the quagga mailing list I was
told to write to the FreeBSD list.
Quote:
It is well documented that md5 'password' authentication for bgpd works,
but only for outgoing packets... there is no way for FreeBSD (to my
knowledge) to actually verify packets inbound.
...it's better than nothing ;)
First, my configuration on FreeBSD 7.1:
/etc/rc.conf
ipsec_enable="YES"
ipsec_file="/etc/ipsec.conf"
/etc/ipsec.conf
flush;
add x.x.x.x y.y.y.y tcp 0x1000 -A tcp-md5 "*********";
where:
x.x.x.x - IP local side
y.y.y.y - IP remote side
******** - password
Next, my kernel was rebuilt with the following options:
options TCP_SIGNATURE
options IPSEC
device crypto
device cryptodev
Now I set the password for the BGP neighbor:
quagga-router(config router)# neighbor y.y.y.y password ********
And clear the session:
quagga-router(config router)# do clear ip bgp y.y.y.y
On the remote side the PASSWORD IS NOT SET YET, but the BGP session goes
to state UP, and network prefixes are sent from the local to the remote
side and vice versa.
But the neighborship must not come up if the passwords do not match...
--
Best regards, Алексей Блинков
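
Added example, not part of the original message: a Python sketch of the RFC 2385 TCP MD5 signature (option kind 19) that the tcp-md5 entry above configures, showing how a receiver that checks inbound segments tells unsigned, valid and invalid ones apart. The addresses 192.0.2.1/192.0.2.2, the key, the port numbers and all function names are constructed for the illustration.

```python
import hashlib
import hmac
import socket
import struct

MD5_KIND, MD5_LEN = 19, 18  # TCP MD5 signature option, RFC 2385

def find_md5_option(tcp_header):
    """Return the 16-byte digest from option kind 19, or None if absent."""
    i = 20  # options start after the fixed 20-byte header
    while i < len(tcp_header):
        kind = tcp_header[i]
        if kind == 0:        # end of option list
            break
        if kind == 1:        # NOP padding
            i += 1
            continue
        if i + 1 >= len(tcp_header):
            break
        length = tcp_header[i + 1]
        if length < 2 or i + length > len(tcp_header):
            break            # malformed option, stop parsing
        if kind == MD5_KIND and length == MD5_LEN:
            return tcp_header[i + 2:i + MD5_LEN]
        i += length
    return None

def md5_digest(src, dst, tcp_header, payload, key):
    """MD5 over pseudo-header, fixed header (checksum zeroed), data, key."""
    pseudo = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack(
        "!BBH", 0, socket.IPPROTO_TCP, len(tcp_header) + len(payload))
    fixed = tcp_header[:16] + b"\x00\x00" + tcp_header[18:20]
    return hashlib.md5(pseudo + fixed + payload + key).digest()

def check_segment(src, dst, tcp_header, payload, key):
    """Classify a received segment: 'unsigned', 'valid' or 'invalid'."""
    got = find_md5_option(tcp_header)
    if got is None:
        return "unsigned"
    want = md5_digest(src, dst, tcp_header, payload, key)
    return "valid" if hmac.compare_digest(got, want) else "invalid"

def build_syn(src, dst, key=None):
    """Constructed SYN to port 179; carries option 19 only if key is given."""
    opts = bytes([1, 1, MD5_KIND, MD5_LEN]) + bytes(16) if key else b""
    hdr = struct.pack("!HHIIBBHHH", 40000, 179, 1000, 0,
                      ((20 + len(opts)) // 4) << 4, 0x02, 65535, 0, 0) + opts
    if key:
        hdr = hdr[:24] + md5_digest(src, dst, hdr, b"", key)
    return hdr
```

A receiver that enforces the password drops segments classified "unsigned" or "invalid"; the quoted reply above says inbound packets are not verified on FreeBSD, which is consistent with the session coming up while the remote side has no password set.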
More information about the freebsd-net mailing list