OpenBGPd + TCP-MD5 sig fails after a few weeks

Ermal Luçi eri at freebsd.org
Thu Nov 28 18:14:20 UTC 2013


On Thu, Nov 28, 2013 at 4:16 PM, Antoine Beaupré <anarcat at koumbit.org> wrote:

> On 2013-11-28 10:05:55, Ermal Luçi wrote:
> > On Wed, Nov 27, 2013 at 7:12 PM, Antoine Beaupré <anarcat at koumbit.org> wrote:
> >
> >> On 2013-11-27 05:58:12, Ermal Luçi wrote:
> >> > You can use the port here
> >> > https://github.com/pfsense/pfsense-tools/tree/master/pfPorts/openbgpd
> >> > It has integration with pfkey sockets of FreeBSD in the daemon itself and
> >> > you have to specify only the SPD policy through setkey.
> >> >
> >> > It works for pfSense.
> >>
> >> While it seems to bootstrap properly, it still fails to install a
> >> security association, in my bgpd.conf:
> >>
> >>         tcp md5sig password "[...]"
> >>
> >
> > Probably because you are putting " (quotes) on the password and that is
> > wrong.
> > That means the password on the connection is wrong since it has " in it.
> > Think it's an issue of the bgpd parser on this.
>
> I also tried without the quotes, same effect.
>

Can you show your config related to this?
The only other thing I can think of is that, since the daemon is inserting
policies, you have to define
local-address $your-local-ip

so the SPD policy is generated correctly.

You can verify the generated policy using the setkey utility.



>
> A.
> --
> Never underestimate the bandwidth of a station wagon full of tapes
> hurtling down the highway.
>                         - Andrew S. Tanenbaum, "Computer Networks"
>



-- 
Ermal
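
A check to go with the setkey advice above, added here as an example and not part of the original message or of the pfSense port: it reads a `setkey -D` SAD dump and reports whether a `tcp` security association exists in each direction between the local address and the BGP peer. The function names, the documentation-range addresses and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): look for TCP-MD5 SAs between a BGP
# speaker and its peer in a `setkey -D` dump, one direction at a time.
# Typical use on the router (addresses are placeholders):
#   setkey -D | md5sig_sa_status 192.0.2.2 192.0.2.1
# `setkey -DP` lists the SPD policies in the same "src dst" header style.

# Constructed sample modelled on the layout of `setkey -D` output.
# It contains only the local -> peer SA, i.e. a half-installed session.
sample_sad() {
cat <<'EOF'
192.0.2.2 192.0.2.1
	tcp mode=any spi=4096(0x00001000) reqid=0(0x00000000)
	A: tcp-md5  70617373 776f7264
	seq=0x00000000 replay=0 flags=0x00000040 state=mature
EOF
}

# md5sig_sa_status LOCAL PEER   (SAD dump on stdin)
# Prints "out=yes|no in=yes|no"; returns 0 only when both directions exist.
md5sig_sa_status() {
    awk -v l="$1" -v p="$2" '
        {
            # An SA entry starts with an unindented "src dst" line.
            c = substr($0, 1, 1)
            if (NF >= 2 && c != " " && c != "\t") { src = $1; dst = $2; next }
        }
        # The indented line below it names the protocol (esp, ah, tcp, ...).
        $1 == "tcp" {
            if (src == l && dst == p) out = 1
            if (src == p && dst == l) inb = 1
        }
        END {
            printf "out=%s in=%s\n", (out ? "yes" : "no"), (inb ? "yes" : "no")
            exit !(out && inb)
        }'
}
```

A missing direction here, with the neighbor block already carrying `local-address`, points at the SA never having been installed rather than at a wrong password.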

