From: Алексей Блинков
To: freebsd-net@freebsd.org
Date: Wed, 15 Apr 2009 16:42:52 +0300
Subject: MD5 authentication in quagga
Message-ID: <2d934d80904150642r585049b4wadfdfc82a3d8c7fc@mail.gmail.com>
List-Id: Networking and TCP/IP with FreeBSD

Hi.

I have a problem with the subject. On the quagga mailing list I was told to write to the FreeBSD list. Quote:

> It is well documented that md5 'password' authentication for bgpd works,
> but only for outgoing packets... there is no way for FreeBSD (to my
> knowledge) to actually verify packets inbound. ...it's better than
> nothing ;)

First, my configuration on FreeBSD 7.1:

/etc/rc.conf

ipsec_enable="YES"
ipsec_file="/etc/ipsec.conf"

/etc/ipsec.conf

flush;
add x.x.x.x y.y.y.y tcp 0x1000 -A tcp-md5 "*********";

where:
x.x.x.x - IP local side
y.y.y.y - IP remote side
******** - password

Next, my kernel was rebuilt with the following options:

options TCP_SIGNATURE
options IPSEC
device crypto
device cryptodev
device cryptodev

Now I set the password for the BGP neighbor:

quagga-router(config router)# neighbor y.y.y.y password ********

And clear the session:

quagga-router(config router)# do clear ip bgp y.y.y.y

On the remote side the PASSWORD IS NOT SET YET, but the BGP session goes to state UP, and network prefixes are sent from the local to the remote side and vice versa. But the neighborship must not come up if the passwords do not match...

-- 
Best regards,
Алексей Блинков
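
The quoted reply above says inbound packets are not verified, which is why the session comes up against a peer with no password. As an added example (not part of the original message and not FreeBSD or Quagga code), this Python block shows the receiver-side check defined by RFC 2385 (TCP MD5 Signature Option), which rejects unsigned and wrongly signed segments. The function names, addresses, ports, key and payload are constructed for illustration.

```python
import hashlib, hmac, socket, struct

MD5SIG_KIND, MD5SIG_LEN = 19, 18  # RFC 2385 TCP option: kind 19, total length 18

def md5sig_digest(src, dst, hdr20, payload, key, opt_len):
    """MD5 over pseudo-header, option-less TCP header (checksum zeroed), data, key."""
    pseudo = socket.inet_aton(src) + socket.inet_aton(dst)
    pseudo += struct.pack("!BBH", 0, 6, 20 + opt_len + len(payload))
    hdr = hdr20[:16] + b"\x00\x00" + hdr20[18:20]
    return hashlib.md5(pseudo + hdr + payload + key).digest()

def find_md5_option(options):
    """Return the 16-byte digest carried in option 19, or None if it is absent."""
    i = 0
    while i < len(options) and options[i] != 0:      # kind 0 ends the list
        if options[i] == 1:                          # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(options):
            return None
        length = options[i + 1]
        if length < 2 or i + length > len(options):  # malformed option
            return None
        if options[i] == MD5SIG_KIND and length == MD5SIG_LEN:
            return options[i + 2:i + length]
        i += length
    return None

def verify_inbound(src, dst, segment, key):
    """Receiver-side check: drop unsigned segments and segments with a bad digest."""
    data_off = (segment[12] >> 4) * 4 if len(segment) >= 20 else 0
    if not 20 <= data_off <= len(segment):
        return False
    got = find_md5_option(segment[20:data_off])
    if got is None:
        return False                                 # peer has no password set
    want = md5sig_digest(src, dst, segment[:20], segment[data_off:], key, data_off - 20)
    return hmac.compare_digest(got, want)

def build_segment(src, dst, payload, key=None):
    """Constructed sample segment (ports, seq and window are made up; checksum left 0)."""
    opt_len = 20 if key else 0                       # NOP, NOP, 18-byte option
    hdr = struct.pack("!HHIIBBHHH", 40000, 179, 1, 1, ((20 + opt_len) // 4) << 4,
                      0x18, 65535, 0, 0)
    if not key:
        return hdr + payload
    sig = md5sig_digest(src, dst, hdr, payload, key, opt_len)
    return hdr + b"\x01\x01" + bytes([MD5SIG_KIND, MD5SIG_LEN]) + sig + payload
```

A segment built without a key models the remote side in the message, where no password is configured; `verify_inbound` returns `False` for it, which is the behaviour the poster expected from the local router.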