Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 03 Jan 2012 20:36:08 +0100 (CET)
From:      sthaug@nethelp.no
To:        hrs@FreeBSD.org
Cc:        ndenev@gmail.com, dougb@FreeBSD.org, emaste@FreeBSD.org, borjam@sarenet.es, freebsd-net@FreeBSD.org
Subject:   Re: openbgpds not talking each other since 8.2-STABLE upgrade
Message-ID:  <20120103.203608.74677765.sthaug@nethelp.no>
In-Reply-To: <20120104.040611.1847309275485655567.hrs@allbsd.org>
References:  <6FE9FF15-487F-4A31-AEE0-A0AD92F5DC72@sarenet.es> <20DC0C8A-DD9E-408E-9ACA-82532DB31871@lists.zabbadoz.net> <20120104.040611.1847309275485655567.hrs@allbsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help
>  Doug, does your kernel have TCP_SIGNATURE option?  The patch[*] for
>  net/openbgpd can be used as a workaround if it was due to TCP_MD5SIG
>  option on the listening sockets.
> 
>  [*] http://people.allbsd.org/~hrs/FreeBSD/openbgpd.20120104-1.diff
> 
>  While this is an ugly hack and I will investigate more reasonable
>  solution for that, I want to narrow down the cause first.  Can anyone
>  who are using a 8-STABLE kenrel with TCP_SIGNATURE let me know if
>  this works or not?

8-STABLE on several servers, csup'ed only a couple of days ago, with 

options         TCP_SIGNATURE
options         IPSEC
device          crypto
device          cryptodev

and Quagga bgpd talking to Juniper M/MX routers using MD5 key on the
BGP sessions. No problems.

Steinar Haug, Nethelp consulting, sthaug@nethelp.no



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120103.203608.74677765.sthaug>