Date: Tue, 12 Jun 2018 16:57:31 +0200 From: =?UTF-8?Q?Olivier_Cochard=2DLabb=C3=A9?= <olivier@freebsd.org> To: Patrick Lamaiziere <patfbsd@davenulle.org> Cc: freebsd-net@freebsd.org Subject: Re: 11.2-RC1 bird 2 BGP invalid ipsec SA/SP Message-ID: <CA%2Bq%2BTcpuvLX_5Z6ZiOEXCze205Dcro0HMk3h2nLiOWWq-CB-Ag@mail.gmail.com> In-Reply-To: <20180612143447.697681c5@mr185083> References: <20180612143447.697681c5@mr185083>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jun 12, 2018 at 2:35 PM Patrick Lamaiziere <patfbsd@davenulle.org>
wrote:
> Hello,
>
> I'm trying Bird 2 on FreeBSD 11.2 using tcp md5 signature for BGP
> connections.
>
> Bird2 has an option to set the needed ipsec SA/SP but here this does
> not work.
>
>
>
=E2=80=8BIt will work if you 'help' bird to know the source address to use =
(source
address) into the BGP protocol.
Here is the extract of my bird BGP configuration file (no setkey.conf
needed):
protocol bgp R4inet4 {
local as myas;
# Bird creates IPSEC SAD entry automatically but it need to
know the source IP address
# Otherwise it will use the wrong 0.0.0.0 IP as source
source address 10.0.2.3;
neighbor 10.0.2.4 as 200;
password "abigpassword";
ipv4 {
import all;
export all;
next hop self;
};
}
Regards,
Olivier
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2Bq%2BTcpuvLX_5Z6ZiOEXCze205Dcro0HMk3h2nLiOWWq-CB-Ag>