From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 218907] tcpmd5 kernel module on STABLE/11 doesn't work with vultr bgp via bird
Date: Thu, 27 Apr 2017 05:56:57 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218907

            Bug ID: 218907
           Summary: tcpmd5 kernel module on STABLE/11 doesn't work with vultr
                    bgp via bird
           Product: Base System
           Version: 11.0-STABLE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: freebsd-bugs@joe.mulloy.me

Hello,

I have set up some servers on the cloud provider Vultr and I have set up a floating IP for load balancing/high availability via BGP. Vultr's BGP system requires using an MD5 TCP signature which before r313330 in current and r315514 in stable/11 was not available as a module and required compiling a custom kernel with the TCP_SIGNATURE option enabled. I prefer to be able to just use freebsd-update so I found this quite inconvenient, but I am dealing with compiling and distributing a custom kernel anyways. However with this kernel my servers keep freezing with no useful error message which is incredibly frustrating.

I figured that perhaps now that this functionality has been getting some work that whatever bug I'm hitting may be fixed in STABLE/11. So I tried using the kernel in the snapshot tarball for STABLE/11, but it's lacking the IPSEC_SUPPORT option, so I still have to compile my own kernel for the tcpmd5 module to load/work. I've done this, I have built the STABLE/11 kernel from r317316 and the module loads and bird doesn't complain about the TCP MD5 feature being missing. However BIRD isn't able to actually establish a connection to the other end, so it seems the TCP MD5 feature is now broken. I haven't upgraded my userland, it's still 11.0-RELEASE-p9 but I believe it should still work fine on an 11/STABLE kernel.

Perhaps I'm doing something wrong here, but I can't figure out a working solution and I can't find any documentation.
It seems this md5 tcp signature feature is rarely used and hard to even turn on.

Please let me know what I can do to assist in debugging these issues. I'm glad that tcp md5 signatures will finally be easy to enable. I hope it won't be too hard to get this fixed.

Issues:
1. IPSEC_SUPPORT still not enabled in GENERIC kernel, so I still have to compile my own kernel for the tcpmd5 kernel module to actually work
2. The tcp md5 signature feature doesn't seem to work, the other end rejects my server as if I had the wrong password.

Vultr BGP Guide:
https://www.vultr.com/docs/high-availability-on-vultr-with-floating-ip-and-bgp

Bug tracking the splitting of ipsec and tcp md5 to separate kernel modules.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212018

Bird output showing that BGP session can't be established.

root@vps-vu-nj-1b:~ # birdc show proto all vultr
BIRD 1.6.3 ready.
name     proto    table    state  since       info
vultr    BGP      master   start  05:14:24    Connect       Socket: Connection refused
  Preference:     100
  Input filter:   REJECT
  Output filter:  ACCEPT
  Routes:         0 imported, 0 exported, 0 preferred
  Route change stats:     received   rejected   filtered    ignored   accepted
    Import updates:              0          0          0          0          0
    Import withdraws:            0          0        ---          0          0
    Export updates:              0          0          0        ---          0
    Export withdraws:            0        ---        ---        ---          0
  BGP state:          Connect
    Neighbor address: 169.254.169.254
    Neighbor AS:      64515
    Last error:       Socket: Connection refused