Date: Wed, 15 Apr 2009 16:42:52 +0300 From: =?UTF-8?B?0JDQu9C10LrRgdC10Lkg0JHQu9C40L3QutC+0LI=?= <alexey.blinkov@gmail.com> To: freebsd-net@freebsd.org Subject: MD5 authentication in quagga Message-ID: <2d934d80904150642r585049b4wadfdfc82a3d8c7fc@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hi. I have a problem with Subj. In mailing list quagga me say for mailing to frebsd list. Quote: It is well documented that md5 'password' authentication for bgpd works, but only for outgoing packets... there is no way for FreeBSD (to my knowledge) to actually verify packets inbound. ...it's better than nothing ;) First one. My configuration in FreeBSD 7.1 /etc/rc.conf ipsec_enable=3D"YES" ipsec_file=3D"/etc/ipsec.conf" /etc/ipsec.conf flush; add x.x.x.x y.y.y.y tcp 0x1000 -A tcp-md5 "*********"; where: x.x.x.x - IP local side y.y.y.y - IP remote side ******** - password Next. My kernel was rebuilded with next options: options TCP_SIGNATURE options IPSEC device crypto device cryptodev device cryptodev Now i set password to bgp neighbor quagga-router(config router)# neighbor y.y.y.y password ******** And clear session quagga-router(config router)# do clear ip bgp y.y.y.y In remote side PASSWORD NOT SET YET, but bgp session passes to state UP, and network prefixes sending from local to remote side and vice versa. But neigborship must no upping if password not coincide... --=20 =D0=A1 =D1=83=D0=B2=D0=B0=D0=B6=D0=B5=D0=BD=D0=B8=D0=B5=D0=BC =D0=90=D0=BB= =D0=B5=D0=BA=D1=81=D0=B5=D0=B9 =D0=91=D0=BB=D0=B8=D0=BD=D0=BA=D0=BE=D0=B2
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2d934d80904150642r585049b4wadfdfc82a3d8c7fc>