[Bug 223835] BGP session not established with md5 password via FRRouting
    bugzilla-noreply at freebsd.org 
    Fri Nov 24 23:19:25 UTC 2017

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835
Alexey <pautina at kharkiv.net> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |Not A Bug
             Status|New                         |Closed
--- Comment #10 from Alexey <pautina at kharkiv.net> ---
Good night everybody.
The problem is solved.
Many thanks to Marek Zarychta <zarychtam at plan-b.pwste.edu.pl> for the
help.
He showed me a similar problem:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219453.
And indeed, the problem was that on the interface TX/RX checksums were disabled.
Now everything works with the following settings:
On interface ix0 or ixl0 or other, these must be turned ON: rxcsum txcsum (ifconfig
ixl0 rxcsum txcsum)
At /etc/rc.conf:
ifconfig_ixl0="up -tso -lro -vlanhwtso" (I disabled only tso and lro)
ipsec_enable="YES"
ipsec_file="/etc/ipsec.conf"
At /etc/ipsec.conf:
flush;
add 185.1.62.241 185.1.62.69 tcp 0x1000 -A tcp-md5 "some_password";
add 185.1.62.69 185.1.62.241 tcp 0x1001 -A tcp-md5 "some_password";
In the kernel you must add the following:
options         IPSEC                   # IP (v4/v6) security
options         IPSEC_SUPPORT           # Allow kldload of ipsec and tcpmd5
# The crypto framework is required by IPSEC
device          crypto                  # Required by IPSEC
device          cryptodev
options         TCP_SIGNATURE
And you need to set the password for the neighbor in FRRouting, for example:
 neighbor 185.1.62.69 password some_password
I think it's necessary to describe all this in the documentation.
This would be good, as this problem arises for many. Or you can simply forget
about it :)
-- 
You are receiving this mail because:
You are the assignee for the bug.
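
A consistency check for the settings listed in the comment above, as an added example that is not part of the original bug report. The function names, file names and the sample ifconfig options line are constructed for illustration; it goes beyond the comment by also verifying that both SA directions carry the same key as the FRRouting neighbor password.

```shell
#!/bin/sh
# Added example, not from the bug report: lint the settings the comment lists.

# sa_key CONF SRC DST: print the tcp-md5 key (quotes stripped) of the SA SRC -> DST.
sa_key() {
    awk -v s="$2" -v d="$3" '
        $1 == "add" && $2 == s && $3 == d && $4 == "tcp" && /-A[ \t]+tcp-md5/ {
            k = $0
            sub(/^.*tcp-md5[ \t]+"?/, "", k); sub(/"?;[ \t]*$/, "", k)
            print k; exit
        }' "$1"
}

# frr_password CONF PEER: print the password set for BGP neighbor PEER.
frr_password() {
    awk -v p="$2" '$1 == "neighbor" && $2 == p && $3 == "password" { print $4; exit }' "$1"
}

# md5_config_ok IPSECCONF FRRCONF LOCAL PEER: succeed only if an SA exists in
# both directions and both keys equal the FRR neighbor password.
md5_config_ok() {
    out=$(sa_key "$1" "$3" "$4"); back=$(sa_key "$1" "$4" "$3")
    pw=$(frr_password "$2" "$4")
    [ -n "$out" ] && [ "$out" = "$back" ] && [ "$out" = "$pw" ]
}

# csum_ok TEXT: succeed if the options=<...> line of `ifconfig IF` output lists
# RXCSUM and TXCSUM as whole flags (RXCSUM_IPV6 alone does not count).
csum_ok() {
    printf '%s\n' "$1" | awk '
        /options=/ { if ($0 ~ /[<,]RXCSUM[,>]/) rx = 1
                     if ($0 ~ /[<,]TXCSUM[,>]/) tx = 1 }
        END { exit !(rx && tx) }'
}

# Constructed sample files using the addresses and key from the comment.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/ipsec.conf" <<'EOF'
flush;
add 185.1.62.241 185.1.62.69 tcp 0x1000 -A tcp-md5 "some_password";
add 185.1.62.69 185.1.62.241 tcp 0x1001 -A tcp-md5 "some_password";
EOF
printf ' neighbor 185.1.62.69 password some_password\n' > "$tmp/frr.conf"
IFCFG='options=e507bb<RXCSUM,TXCSUM,VLAN_MTU,RXCSUM_IPV6,TXCSUM_IPV6>'  # constructed

md5_config_ok "$tmp/ipsec.conf" "$tmp/frr.conf" 185.1.62.241 185.1.62.69 \
    && csum_ok "$IFCFG" && echo "tcp-md5 settings consistent"
```

On a live host, pass the real /etc/ipsec.conf, the FRRouting configuration file and the output of `ifconfig ixl0` in place of the constructed samples.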
    
    