From owner-freebsd-net@FreeBSD.ORG Thu Nov 28 15:17:00 2013 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id CA1EDF7D; Thu, 28 Nov 2013 15:17:00 +0000 (UTC) Received: from marcos.anarc.at (mail.orangeseeds.org [72.0.72.144]) by mx1.freebsd.org (Postfix) with ESMTP id 975E81394; Thu, 28 Nov 2013 15:16:59 +0000 (UTC) Received: by marcos.anarc.at (Postfix, from userid 1000) id DCEB9142D5E; Thu, 28 Nov 2013 10:16:48 -0500 (EST) From: Antoine =?utf-8?Q?Beaupr=C3=A9?= To: Ermal =?utf-8?Q?Lu=C3=A7i?= Subject: Re: OpenBGPd + TCP-MD5 sig fails after a few weeks In-Reply-To: References: <87zjoqu3wr.fsf@marcos.anarc.at> <874n6xu31q.fsf@marcos.anarc.at> User-Agent: Notmuch/0.13.2 (http://notmuchmail.org) Emacs/23.4.1 (x86_64-pc-linux-gnu) Date: Thu, 28 Nov 2013 10:16:43 -0500 Message-ID: <87ob54pndw.fsf@marcos.anarc.at> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Cc: freebsd-net X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Nov 2013 15:17:00 -0000 --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 2013-11-28 10:05:55, Ermal Lu=C3=A7i wrote: > On Wed, Nov 27, 2013 at 7:12 PM, Antoine Beaupr=C3=A9 wrote: > >> On 2013-11-27 05:58:12, Ermal Lu=C3=A7i wrote: >> > You can use the port here >> > https://github.com/pfsense/pfsense-tools/tree/master/pfPorts/openbgpd >> > It has integration with pfkey sockets of FreeBSD in the daemon itself = and >> > you have to specify only th espd policy through setkey. >> > >> > It works for pfSense. >> >> While it seems to bootstrap properly, it still fails to isntall a >> security association, in my bgpd.conf: >> >> tcp md5sig password "[...]" >> > > Probably because you are putting "(quotes) on the password and that is > wrong. > That means password on the connection is wrong since it has " in it. > Think its an issue of the bgpd parser on this. I also tried without the quotes, same effect. A. =2D-=20 Never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway. - Andrew S. Tanenbaum, "Computer Networks" --=-=-= Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJSl15cAAoJEHkhUlJ7dZIe4XgP/je0BlR/2MC6OWXHN7gJlvFl ZEl7LU7ZHE8HG+4X4aOZtragDqtauQ7RCNMRN8dCACkf3I9imyK0zT41v8sicF6k vVU5mM8KFM6PnYXSAB49c9WOMdRBJcf1f6ejBS9uNuk0KttPW6H9ruXUe/SwsUee nOa2LDZiyTpLZdH8vcSuU+iwxiqe8g5s1gMLscVilW/qhtmFJPyCMtydpDfqGP6g Gg9VcT9Ua3urM8uW5i/qA4hfUsgpPohYvIklOdlgXq/zFbYSFE73555va3CYIVIz i54it/Yyn8TSnkixF1JzcDIoegTgxTz2YBHKIc0z2Vl04gluqJU8F4vLFNvsFkdc ZpEO0s0pbakM2liMy5v08xjvh3d+b1B7pcPiV99spUBDJtTnWCNJ0Swu2Cw7FeIz 3yMYwvO5hgHNWaAkeiyHZeky5sElOX3n2cdkVtxwWD2TjIr1tJgjfaI4qV0cJBAW E8MEajTIQ/wx25CWeFZkhwbJFiM9ZwzLXuDpupZEAf2roj7b+YcS/FsbOOMlrmY5 dqv8pzQ29/obIh7IYzxYo9QUyGGM436Ag4txUljXiYhWE2CrcN2c+acmJfcbTbPx O8VVgIwIfuMAmg+rBiy0Ia2qyCaAIqZWfdC2Ik3e2fUtXyNo/uyZ6c3/TbbVXJqM jHDNf+cLRcsUbuBg+ZDq =2F19 -----END PGP SIGNATURE----- --=-=-=--