OpenBGPd + TCP-MD5 sig fails after a few weeks
eri at freebsd.org
Thu Nov 28 18:14:20 UTC 2013
On Thu, Nov 28, 2013 at 4:16 PM, Antoine Beaupré <anarcat at koumbit.org>wrote:
> On 2013-11-28 10:05:55, Ermal Luçi wrote:
> > On Wed, Nov 27, 2013 at 7:12 PM, Antoine Beaupré <anarcat at koumbit.org
> >> On 2013-11-27 05:58:12, Ermal Luçi wrote:
> >> > You can use the port here
> >> > https://github.com/pfsense/pfsense-tools/tree/master/pfPorts/openbgpd
> >> > It has integration with pfkey sockets of FreeBSD in the daemon itself
> >> > you have to specify only th espd policy through setkey.
> >> >
> >> > It works for pfSense.
> >> While it seems to bootstrap properly, it still fails to isntall a
> >> security association, in my bgpd.conf:
> >> tcp md5sig password "[...]"
> > Probably because you are putting "(quotes) on the password and that is
> > wrong.
> > That means password on the connection is wrong since it has " in it.
> > Think its an issue of the bgpd parser on this.
> I also tried without the quotes, same effect.
Can you show your related config to this!
The only other thing i can think of is that since the daemon is inserting
policies you have to define
So the SPD policy is generated correctly.
You can verify the generated policy using setkey utility.
> Never underestimate the bandwidth of a station wagon full of tapes
> hurtling down the highway.
> - Andrew S. Tanenbaum, "Computer Networks"
More information about the freebsd-net