Date: Tue, 12 Jun 2018 16:57:31 +0200 From: =?UTF-8?Q?Olivier_Cochard=2DLabb=C3=A9?= <olivier@freebsd.org> To: Patrick Lamaiziere <patfbsd@davenulle.org> Cc: freebsd-net@freebsd.org Subject: Re: 11.2-RC1 bird 2 BGP invalid ipsec SA/SP Message-ID: <CA%2Bq%2BTcpuvLX_5Z6ZiOEXCze205Dcro0HMk3h2nLiOWWq-CB-Ag@mail.gmail.com> In-Reply-To: <20180612143447.697681c5@mr185083> References: <20180612143447.697681c5@mr185083>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jun 12, 2018 at 2:35 PM Patrick Lamaiziere <patfbsd@davenulle.org> wrote: > Hello, > > I'm trying Bird 2 on FreeBSD 11.2 using tcp md5 signature for BGP > connections. > > Bird2 has an option to set the needed ipsec SA/SP but here this does > not work. > > > =E2=80=8BIt will work if you 'help' bird to know the source address to use = (source address) into the BGP protocol. Here is the extract of my bird BGP configuration file (no setkey.conf needed): protocol bgp R4inet4 { local as myas; # Bird creates IPSEC SAD entry automatically but it need to know the source IP address # Otherwise it will use the wrong 0.0.0.0 IP as source source address 10.0.2.3; neighbor 10.0.2.4 as 200; password "abigpassword"; ipv4 { import all; export all; next hop self; }; } Regards, Olivier
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2Bq%2BTcpuvLX_5Z6ZiOEXCze205Dcro0HMk3h2nLiOWWq-CB-Ag>