OpenBGPd + TCP-MD5 sig fails after a few weeks

Antoine Beaupré anarcat at koumbit.org
Thu Nov 28 19:31:18 UTC 2013


On 2013-11-28 13:14:18, Ermal Luçi wrote:
> Can you show your related config to this!
> The only other thing I can think of is that since the daemon is inserting
> policies you have to define
> local-address $your-local-ip
>
> So the SPD policy is generated correctly.

Ah! That was it!!!

Without local-address, I get this:

pfkey: Invalid argument
neighbor 38.104.152.101 (Cogent): pfkey setup failed

With local-address, it just works!

> You can verify the generated policy using the setkey utility.

I confirm the policy is properly installed by the pfsense port, if and
only if local-address is specified.

Next step would be to file a PR to update the port! I have tried to
factor in a patch that merges the pfsense port in the FreeBSD port with
minimal changes, would you mind reviewing it before I send it?

Here's the patch to the FreeBSD port:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: fbsd-openbgpd-port-setkey.patch
Type: text/x-diff
Size: 15863 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-net/attachments/20131128/acf8cc86/attachment.patch>
-------------- next part --------------

And here's the diff between my final version of the FreeBSD port (above)
and the original pfsense port:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: fbsd-openbgpd-port-interdiff.patch
Type: text/x-diff
Size: 1223 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-net/attachments/20131128/acf8cc86/attachment-0001.patch>
-------------- next part --------------

This was done to avoid introducing unnecessary changes into the port. I
confirm the port works with or without that patch, however, so I am not
sure it is necessary.

Last thoughts before I file that pr?

A.

-- 
It's too easy, once the wars are over
To go shouting that it was the last one
Bourgeois friends, you make me envious
Do you not see your cemeteries, then?
                        - Jacques Brel
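
Added example, not part of the original message or of the OpenBGPD or FreeBSD port code: a small pre-deployment check that flags bgpd.conf neighbors using `tcp md5sig` with no `local-address`, the condition that produced the pfkey error reported above. It assumes a simplified bgpd.conf layout (one statement per line, `neighbor`/`group` blocks opened with a trailing `{`, full-line `#` comments), and the function name and sample configuration are constructed for illustration.

```python
import re

# Constructed sample bgpd.conf. Only the peer 38.104.152.101 comes from the
# message; AS numbers, other addresses and passwords are placeholders.
SAMPLE_CONF = """
AS 64512
neighbor 38.104.152.101 {
    descr "Cogent"
    remote-as 64513
    tcp md5sig password "PLACEHOLDER"
}
group "transit" {
    local-address 192.0.2.1
    neighbor 192.0.2.2 {
        remote-as 64514
        tcp md5sig password "PLACEHOLDER"
    }
}
neighbor 192.0.2.3 {
    remote-as 64515
}
"""

def md5_without_local_address(conf_text):
    """List neighbors that use 'tcp md5sig' with no 'local-address' set in
    their own block or in an enclosing group block."""
    stack, flagged = [], []          # stack holds one dict per open { } block
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"(neighbor|group)\s+(\S+)\s*\{$", line)
        if opened or line.endswith("{"):
            kind, name = opened.groups() if opened else ("other", "")
            stack.append({"kind": kind, "name": name, "md5": False, "local": False})
        elif line == "}" and stack:
            block = stack.pop()
            scope = [block] + stack  # settings are inherited from outer blocks
            if (block["kind"] == "neighbor"
                    and any(b["md5"] for b in scope)
                    and not any(b["local"] for b in scope)):
                flagged.append(block["name"])
        elif stack and line.startswith("local-address"):
            stack[-1]["local"] = True
        elif stack and line.startswith("tcp md5sig"):
            stack[-1]["md5"] = True
    return flagged

if __name__ == "__main__":
    for peer in md5_without_local_address(SAMPLE_CONF):
        print(f"neighbor {peer}: tcp md5sig set but no local-address")
```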