FreeBSD 9-RC1, openbgpd, tcp md5

Borja Marcos borjam at sarenet.es
Mon Nov 7 17:13:59 UTC 2011


	
On Nov 4, 2011, at 1:41 PM, Patrick Lamaiziere wrote:

> Isn't there a new option to build openbgpd with tcp-md5 (and without pf_key)?
> 
> I've used TCP-MD5 signature for bgp between a FreeBSD 8.x and OpenBSD,
> using setkey(8) to enforce the signature between the peers. That
> worked (of course, then you shouldn't use tcp-md5 in openbgpd).
> 
> setkey(8):
> add -4 peer1 peer2 tcp 0x1000 -A tcp-md5 "PASSWORD";
> add -4 peer2 peer1 tcp 0x1000 -A tcp-md5 "PASSWORD";

Ouch! Silly me, I assumed there was some setsockopt() option to set an MD5 for a TCP socket.

Thank you very much, working now with both bird and openbgpd. :) Turns out you have to delete the md5 option from the openbgpd config file, but you need to put it (even with a bogus key) in the bird config file.




add 10.0.0.1 10.0.0.2 tcp 0x1000 -A tcp-md5 "mekmitasgoat";
add 10.0.1.1 10.0.1.2 tcp 0x1000 -A tcp-md5 "mekmitasgoat";
add 10.0.0.2 10.0.0.1 tcp 0x1000 -A tcp-md5 "mekmitasgoat";
add 10.0.1.2 10.0.1.1 tcp 0x1000 -A tcp-md5 "mekmitasgoat";





Borja.
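
Added example, not part of the original message: a small Python check for a setkey(8) file of tcp-md5 entries like the ones above. It assumes each peer pair should appear in both directions with the same key, as in the entries in this thread; the function names, addresses and keys in the sample are constructed for illustration.

```python
import re

# Constructed sample in the setkey(8) syntax used in this thread.
# Addresses are documentation ranges and the keys are placeholders.
SAMPLE = '''
add 192.0.2.1 192.0.2.2 tcp 0x1000 -A tcp-md5 "example-key";
add 192.0.2.2 192.0.2.1 tcp 0x1000 -A tcp-md5 "example-key";
add 198.51.100.1 198.51.100.2 tcp 0x1000 -A tcp-md5 "example-key";
add -4 203.0.113.1 203.0.113.2 tcp 0x1000 -A tcp-md5 "key-a";
add -4 203.0.113.2 203.0.113.1 tcp 0x1000 -A tcp-md5 "key-b";
'''

# add [-4|-6] src dst tcp spi -A tcp-md5 "key";
SA_RE = re.compile(
    r'^\s*add\s+(?:-[46]\s+)?(\S+)\s+(\S+)\s+tcp\s+\S+'
    r'\s+-A\s+tcp-md5\s+"([^"]*)"\s*;')


def parse_tcp_md5_sas(text):
    """Return {(src, dst): key} for every tcp-md5 'add' statement."""
    sas = {}
    for line in text.splitlines():
        if line.lstrip().startswith('#'):
            continue  # whole-line comment
        m = SA_RE.match(line)
        if m:
            src, dst, key = m.groups()
            sas[(src, dst)] = key
    return sas


def audit(text):
    """List peer pairs with a missing reverse entry or mismatched keys."""
    sas = parse_tcp_md5_sas(text)
    findings = []
    for (src, dst), key in sorted(sas.items()):
        reverse_key = sas.get((dst, src))
        if reverse_key is None:
            findings.append(f"{src} -> {dst}: no SA for the reverse direction")
        elif reverse_key != key and src < dst:
            # Report a mismatch once per pair; keys are never echoed.
            findings.append(f"{src} <-> {dst}: keys differ between directions")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```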


