Date:      Fri, 24 Nov 2017 23:19:24 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-net@FreeBSD.org
Subject:   [Bug 223835] BGP session not established with md5 password via FRRouting
Message-ID:  <bug-223835-2472-tZ8IEZP972@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-223835-2472@https.bugs.freebsd.org/bugzilla/>
References:  <bug-223835-2472@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

Alexey <pautina@kharkiv.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |Not A Bug
             Status|New                         |Closed

--- Comment #10 from Alexey <pautina@kharkiv.net> ---
Good night everybody.
The problem is solved.
Many thanks to Marek Zarychta mailto:zarychtam@plan-b.pwste.edu.pl for the
help.
He showed me a similar problem:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219453.
And indeed, the problem was that on the interface TX/RX checksums were
disabled.

Now everything works with the following settings:

On interface ix0 or ixl0 or other, these must be turned ON: rxcsum txcsum
(ifconfig ixl0 rxcsum txcsum)

At /etc/rc.conf:
ifconfig_ixl0="up -tso -lro -vlanhwtso" (I disabled only tso and lro)
ipsec_enable="YES"
ipsec_file="/etc/ipsec.conf"

At /etc/ipsec.conf:
flush;
add 185.1.62.241 185.1.62.69 tcp 0x1000 -A tcp-md5 "some_password";
add 185.1.62.69 185.1.62.241 tcp 0x1001 -A tcp-md5 "some_password";

In the kernel you must add the following:
options         IPSEC                   # IP (v4/v6) security
options         IPSEC_SUPPORT           # Allow kldload of ipsec and tcpmd5
# The crypto framework is required by IPSEC
device          crypto                  # Required by IPSEC
device          cryptodev
options         TCP_SIGNATURE

And you need to set the password for the neighbor in FRRouting, for example:
 neighbor 185.1.62.69 password some_password

I think it's necessary to describe all this in the documentation.
This would be good, as this problem arises for many. Or you can simply forget
about it :)

--
You are receiving this mail because:
You are the assignee for the bug.
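
An added example, not part of the original message or of FreeBSD/FRRouting: a POSIX sh check for the two conditions the comment describes, that RXCSUM and TXCSUM appear in the interface's `ifconfig` options and that the setkey-syntax file carries a tcp-md5 SA in each direction with the same key. The function names and the sample `ifconfig` output are constructed for illustration.

```sh
#!/bin/sh
# Added example: names and sample data are constructed, not from the bug report.

# csum_ok: reads `ifconfig <if>` output on stdin; succeeds only when both
# RXCSUM and TXCSUM appear in an options=...<...> capability list.
csum_ok() {
    awk '/options=/ && match($0, /<[^>]*>/) {
             caps = "," substr($0, RSTART + 1, RLENGTH - 2) ","
             if (index(caps, ",RXCSUM,") && index(caps, ",TXCSUM,")) ok = 1
         }
         END { exit !ok }'
}

# md5_sa_ok LOCAL PEER: reads setkey(8) syntax (as in /etc/ipsec.conf) on
# stdin; succeeds only when a tcp-md5 SA exists in both directions between
# LOCAL and PEER and both carry the same key.
md5_sa_ok() {
    awk -v l="$1" -v p="$2" '
        $1 == "add" && $4 == "tcp" && $6 == "-A" && $7 == "tcp-md5" {
            key = $0
            sub(/^[^"]*"/, "", key); sub(/".*$/, "", key)
            if ($2 == l && $3 == p) { out = key; have_out = 1 }
            if ($2 == p && $3 == l) { inb = key; have_in = 1 }
        }
        END { exit !(have_out && have_in && (out "") == (inb "")) }'
}

# Constructed samples: offload enabled, offload disabled (the failing case),
# a complete SA pair, and a one-way SA.
if_csum() { printf '%s\n' \
    'ixl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500' \
    '    options=3b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU>'; }
if_no_csum() { printf '%s\n' \
    'ixl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500' \
    '    options=38<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU>'; }
sa_both() { printf '%s\n' 'flush;' \
    'add 185.1.62.241 185.1.62.69 tcp 0x1000 -A tcp-md5 "some_password";' \
    'add 185.1.62.69 185.1.62.241 tcp 0x1001 -A tcp-md5 "some_password";'; }
sa_one_way() { sa_both | sed '$d'; }

if_csum    | csum_ok && echo "checksum offload: ok"
if_no_csum | csum_ok || echo "checksum offload: RXCSUM/TXCSUM missing"
sa_both    | md5_sa_ok 185.1.62.241 185.1.62.69 && echo "tcp-md5 SAs: ok"
sa_one_way | md5_sa_ok 185.1.62.241 185.1.62.69 || echo "tcp-md5 SAs: incomplete"
```

On a live host the same functions can be fed real input, for example `ifconfig ixl0 | csum_ok` and `md5_sa_ok 185.1.62.241 185.1.62.69 < /etc/ipsec.conf`.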