From owner-freebsd-net@FreeBSD.ORG Wed Jan 4 13:42:17 2012 Return-Path: Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 241B4106566B for ; Wed, 4 Jan 2012 13:42:17 +0000 (UTC) (envelope-from sthaug@nethelp.no) Received: from bizet.nethelp.no (bizet.nethelp.no [195.1.209.33]) by mx1.freebsd.org (Postfix) with SMTP id 6A4FE8FC0C for ; Wed, 4 Jan 2012 13:42:15 +0000 (UTC) Received: (qmail 15401 invoked from network); 4 Jan 2012 13:42:14 -0000 Received: from bizet.nethelp.no (HELO localhost) (195.1.209.33) by bizet.nethelp.no with SMTP; 4 Jan 2012 13:42:14 -0000 Date: Wed, 04 Jan 2012 14:42:14 +0100 (CET) Message-Id: <20120104.144214.74742226.sthaug@nethelp.no> To: ndenev@gmail.com From: sthaug@nethelp.no In-Reply-To: <52D4B9DF-4BC3-4AF7-BCE0-A88E18F25650@gmail.com> References: <20120104.040611.1847309275485655567.hrs@allbsd.org> <4F036A7F.9030906@FreeBSD.org> <52D4B9DF-4BC3-4AF7-BCE0-A88E18F25650@gmail.com> X-Mailer: Mew version 3.3 on Emacs 21.3 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: freebsd-net@FreeBSD.org, dougb@FreeBSD.org Subject: Re: openbgpds not talking each other since 8.2-STABLE upgrade X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Jan 2012 13:42:17 -0000 > You are setting the keys with setkey for both directions of a single session, right? > i.e.: > > add X.X.X.X Y.Y.Y.Y tcp 0x1000 -A tcp-md5 "SomePass"; > add Y.Y.Y.Y X.X.X.X tcp 0x1000 -A tcp-md5 "SomePass"; > > As before it was only needed to set the "outgoing" direction key, which should not work anymore unless > net.inet.tcp.signature_verify_input is zero. Are you sure? I have net.inet.tcp.signature_verify_input = 1 and only one line in /etc/ipsec.conf for each BGP session using MD5 keys, on 8.2-STABLE. Steinar Haug, Nethelp consulting, sthaug@nethelp.no