From owner-freebsd-net@FreeBSD.ORG  Sun Sep  1 20:25:27 2013
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTP id 4D25364B;
 Sun,  1 Sep 2013 20:25:27 +0000 (UTC)
 (envelope-from universite@ukr.net)
Received: from otrada.od.ua (universite-1-pt.tunnel.tserv24.sto1.ipv6.he.net
 [IPv6:2001:470:27:140::2])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 9625123E2;
 Sun,  1 Sep 2013 20:25:26 +0000 (UTC)
Received: from [10.0.0.10] ([10.0.0.10]) (authenticated bits=0)
 by otrada.od.ua (8.14.4/8.14.5) with ESMTP id r81KPJjU051505;
 Sun, 1 Sep 2013 23:25:19 +0300 (EEST)
 (envelope-from universite@ukr.net)
Message-ID: <5223A2A9.8030602@ukr.net>
Date: Sun, 01 Sep 2013 23:25:13 +0300
From: "Vladislav V. Prodan" <universite@ukr.net>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
 rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: freebsd-net@freebsd.org
Subject: Re: Quagga not support password for neighbor
References: <66067.1363878392.12938546996697300992@ffe17.ukr.net>
 <CAPBZQG1UoFv2xhM03LnTATC+05c-iFg+8CACOcVLKWY1GuGVGg@mail.gmail.com>
In-Reply-To: <CAPBZQG1UoFv2xhM03LnTATC+05c-iFg+8CACOcVLKWY1GuGVGg@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.7
 (otrada.od.ua [89.209.81.54]); Sun, 01 Sep 2013 23:25:19 +0300 (EEST)
X-Spam-Status: No, score=-101.0 required=5.0 tests=ALL_TRUSTED, FREEMAIL_FROM, 
 T_TO_NO_BRKTS_FREEMAIL,
 USER_IN_WHITELIST autolearn=unavailable version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
 mary-teresa.otrada.od.ua
Cc: =?UTF-8?B?RXJtYWwgTHXDp2k=?= <eri@freebsd.org>
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 01 Sep 2013 20:25:27 -0000

Up.
You can set examples?

I added these options in my kernel and rebuild:

 options TCP_SIGNATURE
 options IPSEC
 device crypto
 device cryptodev
...

I added these lines to /etc/rc.conf:
...
ipsec_enable="YES"
ipsec_file="/etc/ipsec.conf"
...

and /etc/ipsec.conf output:

flush;
add ZZZ.245.YYY.67 ZZZ.245.YYY.1 tcp 0x1000 -A tcp-md5 "XXXXXXXX";
add ZZZ.245.YYY.67 ZZZ.245.YYY.2 tcp 0x1000 -A tcp-md5 "XXXXXXXX";

add ZZZ.107.YYY.12 ZZZ.107.YYY.1 tcp 0x1000 -A tcp-md5 "XXXXXXXX";
add ZZZ.107.YYY.12 ZZZ.107.YYY.199 tcp 0x1000 -A tcp-md5 "XXXXXXXX";


21.03.2013 17:52, Ermal Luçi wrote:
> You need a kernel with TCP_SIGNATURE option and insert policy routes with
> setkey.
> 
> 
> On Thu, Mar 21, 2013 at 4:06 PM, Vladislav Prodan <universite@ukr.net>wrote:
> 
>>
>> FreeBSD 8.2-STABLE
>> quagga-0.99.21      Free RIPv1, RIPv2, OSPFv2, BGP4, IS-IS route software
>>
>> BGP.as11111(config-router)# neighbor XXX.XXX.YYY.YYY password testtest
>> % Error while applying TCP-Sig to session(s)
>>
>> No one to share the patch with the Linux version of quagga, so get to work
>> option password?
>>
>> Thanks!
>>



-- 
Vladislav V. Prodan
System & Network Administrator
http://support.od.ua
+380 67 4584408, +380 99 4060508
VVP88-RIPE