Date: Fri, 24 Nov 2017 07:38:36 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 223835] BGP session not established with md5 password via FRRouting Message-ID: <bug-223835-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D223835 Bug ID: 223835 Summary: BGP session not established with md5 password via FRRouting Product: Base System Version: 11.1-STABLE Hardware: amd64 OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: pautina@kharkiv.net Hello.=20 I'm trying to establish BGP session with GOOGLE (AS15169). Google use md5 password and BGP session always stay on `Connect`. My configuration `FreeBSD 11.1-STABLE` and ` FRRouting 3.0.2`. BGP configuration: ``` router bgp 29XXX neighbor 185.1.62.69 remote-as 15169 neighbor 185.1.62.69 description -=3D GOOGLE =3D- neighbor 185.1.62.69 password some_password address-family ipv4 unicast neighbor 185.1.62.69 soft-reconfiguration inbound neighbor 185.1.62.69 route-map RM-4-BGP-GOOGLE-IN in neighbor 185.1.62.69 route-map RM-4-BGP-GOOGLE-OUT out ``` ``` show ip bgp summary BGP router identifier 192.XXX.XX.1, local AS number 29XXXvrf-id 0 BGP table version 1591061 RIB entries 1216045, using 158 MiB of memory Peers 23, using 323 KiB of memory Peer groups 4, using 288 bytes of memory Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 185.1.62.69 4 15169 0 0 0 0 0 never=20= =20=20=20=20 Connect ``` and debug log for this peer: ``` 2017/11/23 16:23:58 BGP: 185.1.62.69 went from Active to Idle 2017/11/23 16:23:59 BGP: 185.1.62.69 [FSM] Timer (start timer expire). 2017/11/23 16:23:59 BGP: 185.1.62.69 [FSM] BGP_Start (Idle->Connect), fd -1 2017/11/23 16:23:59 BGP: 185.1.62.69 [Event] Connect start to 185.1.62.69 f= d 36 2017/11/23 16:23:59 BGP: 185.1.62.69 [FSM] Non blocking connect waiting res= ult, fd 36 2017/11/23 16:23:59 BGP: 185.1.62.69 went from Idle to Connect 2017/11/23 16:24:02 BGP: 185.1.62.69 [FSM] BGP_Stop (Connect->Idle), fd 36 2017/11/23 16:24:02 BGP: 185.1.62.69 went from Connect to Idle 2017/11/23 16:24:03 BGP: 185.1.62.69 [FSM] Timer (start timer expire). 2017/11/23 16:24:03 BGP: 185.1.62.69 [FSM] BGP_Start (Idle->Connect), fd -1 2017/11/23 16:24:03 BGP: 185.1.62.69 [Event] Connect start to 185.1.62.69 f= d 36 2017/11/23 16:24:03 BGP: 185.1.62.69 [FSM] Non blocking connect waiting res= ult, fd 36 2017/11/23 16:24:03 BGP: 185.1.62.69 went from Idle to Connect ``` I'm also have rebuild my kernel this support IPSEC: ``` options IPSEC # IP (v4/v6) security options IPSEC_SUPPORT # Allow kldload of ipsec and tcpmd5 options TCP_OFFLOAD # TCP offload # The crypto framework is required by IPSEC device crypto # Required by IPSEC device cryptodev options TCP_SIGNATURE ``` setup ipsec key: ``` cat /etc/ipsec.conf flush; add 185.1.62.241 185.1.62.69 tcp 0x1000 -A tcp-md5 "some_password"; ``` What is not right, help, please. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-223835-8>