Date:      Tue, 12 Jun 2018 16:57:31 +0200
From:      Olivier Cochard-Labbé <olivier@freebsd.org>
To:        Patrick Lamaiziere <patfbsd@davenulle.org>
Cc:        freebsd-net@freebsd.org
Subject:   Re: 11.2-RC1 bird 2 BGP invalid ipsec SA/SP
Message-ID:  <CA%2Bq%2BTcpuvLX_5Z6ZiOEXCze205Dcro0HMk3h2nLiOWWq-CB-Ag@mail.gmail.com>
In-Reply-To: <20180612143447.697681c5@mr185083>
References:  <20180612143447.697681c5@mr185083>


On Tue, Jun 12, 2018 at 2:35 PM Patrick Lamaiziere <patfbsd@davenulle.org>
wrote:

> Hello,
>
> I'm trying Bird 2 on FreeBSD 11.2 using tcp md5 signature for BGP
> connections.
>
> Bird2 has an option to set the needed ipsec SA/SP but here this does
> not work.
>
>
>
It will work if you 'help' bird to know the source address to use (source
address) in the BGP protocol.
Here is the extract of my bird BGP configuration file (no setkey.conf
needed):

protocol bgp R4inet4 {
        local as myas;
        # Bird creates IPSEC SAD entry automatically but it needs to know
        # the source IP address
        # Otherwise it will use the wrong 0.0.0.0 IP as source
        source address 10.0.2.3;
        neighbor 10.0.2.4 as 200;
        password "abigpassword";
        ipv4 {
            import all;
            export all;
            next hop self;
        };
}

Regards,

Olivier
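
A check for the symptom described in this reply, added here as an example (it is not part of the message above or of BIRD): the function reads a `setkey -D` style dump on stdin and flags TCP-MD5 security associations that use 0.0.0.0 as an endpoint. The dump layout (an unindented "src dst" line followed by indented detail lines) is an assumption, and the sample entries are constructed.

```shell
#!/bin/sh
# Added example: detect TCP-MD5 SAs created with the unspecified
# address 0.0.0.0, the failure mode when 'source address' is missing.

check_md5_sa() {
    # stdin: SAD dump text (assumed `setkey -D` layout).
    # Prints "BAD src dst" or "OK src dst" per tcp-md5 SA.
    # Returns 1 if any BAD entry was seen, 0 otherwise.
    awk '
        # An unindented line with two fields starts a new SA: "src dst".
        substr($0, 1, 1) != " " && substr($0, 1, 1) != "\t" && NF >= 2 {
            src = $1; dst = $2; next
        }
        # An indented detail line naming the tcp-md5 algorithm.
        /tcp-md5/ {
            if (src == "0.0.0.0" || dst == "0.0.0.0") {
                print "BAD", src, dst; bad = 1
            } else {
                print "OK", src, dst
            }
        }
        END { exit bad + 0 }
    '
}

sample_sad() {
    # Constructed sample, not captured from a real host.
    cat <<'EOF'
0.0.0.0 10.0.2.4
	tcp mode=any spi=4096(0x00001000) reqid=0(0x00000000)
	A: tcp-md5  61626967 70617373 776f7264
10.0.2.4 10.0.2.3
	tcp mode=any spi=4096(0x00001000) reqid=0(0x00000000)
	A: tcp-md5  61626967 70617373 776f7264
EOF
}

# Stand-alone run on the constructed sample.
sample_sad | check_md5_sa || echo "0.0.0.0 endpoint found: set 'source address' in the bgp protocol"
```

On a live router the same function can be fed with `setkey -D | check_md5_sa` after BIRD has started the session.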


