Date: Mon, 7 Nov 2011 18:13:54 +0100
From: Borja Marcos <borjam@sarenet.es>
To: Patrick Lamaiziere <patfbsd@davenulle.org>
Cc: freebsd-net@freebsd.org, Patrick Lamaiziere <patfbsd@davenulle.org>
Subject: Re: FreeBSD 9-RC1, openbgpd, tcp md5
Message-ID: <3194E12A-1675-4369-BBB3-9B62BB1CB52E@sarenet.es>
In-Reply-To: <20111104134139.0836f380@mr12941>
References: <DB54BC35-03F0-4B1F-A609-8E40036CB94E@sarenet.es> <20111104134139.0836f380@mr12941>

On Nov 4, 2011, at 1:41 PM, Patrick Lamaiziere wrote:

> Isn't a new option to build openbgpd with tcp-md5 (and without pf_key)?
>
> I've used TCP-MD5 signature for bgp between a FreeBSD 8.x and OpenBSD,
> using setkey(8) to enforce the signature between the peers. That
> worked (of course, then you shouldn't use tcp-md5 in openbgpd).
>
> setkey(8):
> add -4 peer1 peer2 tcp 0x1000 -A tcp-md5 "PASSWORD";
> add -4 peer2 peer1 tcp 0x1000 -A tcp-md5 "PASSWORD";

Ouch! Silly me, I assumed there was some setsockopt() option to set an MD5 for a TCP socket.

Thank you very much, working now with both bird and openbgpd. :) Turns out you have to delete the md5 option from the openbgpd config file, but you need to put it (even with a bogus key) in the bird config file.

add 10.0.0.1 10.0.0.2 tcp 0x1000 -A tcp-md5 "mekmitasgoat";
add 10.0.1.1 10.0.1.2 tcp 0x1000 -A tcp-md5 "mekmitasgoat";
add 10.0.0.2 10.0.0.1 tcp 0x1000 -A tcp-md5 "mekmitasgoat";
add 10.0.1.2 10.0.1.1 tcp 0x1000 -A tcp-md5 "mekmitasgoat";

Borja.
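
The setkey(8) entries above come in pairs, one per direction for each peering. The following lint for such a file is an added example, not part of the original message: it flags a tcp-md5 entry with no reverse-direction entry or with a different key. The function name check_tcpmd5_sad and the sample key are hypothetical, and it assumes keys are double-quoted strings without whitespace or semicolons.

```shell
#!/bin/sh
# Added example: lint a setkey(8) file for asymmetric tcp-md5 entries.
# Reads the file on stdin, prints one line per problem (never the key),
# and returns non-zero if any problem was found.
check_tcpmd5_sad() {
    awk '
    $1 == "add" {
        i = 2
        if ($i == "-4" || $i == "-6") i++      # optional address family flag
        src = $i; dst = $(i + 1); proto = $(i + 2)
        alg = ""; key = ""
        for (j = i + 3; j <= NF - 2; j++)
            if ($j == "-A") { alg = $(j + 1); key = $(j + 2) }
        if (proto != "tcp" || alg != "tcp-md5") next
        gsub(/[";]/, "", key)                  # strip quotes and trailing ;
        sa[src SUBSEP dst] = key
    }
    END {
        bad = 0
        for (k in sa) {
            split(k, p, SUBSEP)
            rev = p[2] SUBSEP p[1]
            if (!(rev in sa)) {
                print "missing reverse SA: " p[2] " -> " p[1]; bad = 1
            } else if (sa[rev] != sa[k] && (p[1] "") < (p[2] "")) {
                # report each mismatched pair once, not once per direction
                print "key mismatch: " p[1] " <-> " p[2]; bad = 1
            }
        }
        exit bad
    }'
}

# Constructed sample: addresses as in the message, placeholder key,
# and the 10.0.1.2 -> 10.0.1.1 entry deliberately left out.
sample_conf='add 10.0.0.1 10.0.0.2 tcp 0x1000 -A tcp-md5 "EXAMPLEKEY";
add 10.0.0.2 10.0.0.1 tcp 0x1000 -A tcp-md5 "EXAMPLEKEY";
add 10.0.1.1 10.0.1.2 tcp 0x1000 -A tcp-md5 "EXAMPLEKEY";'

printf '%s\n' "$sample_conf" | check_tcpmd5_sad || echo "tcp-md5 entries are not symmetric"
```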