[Bug 223835] BGP session not established with md5 password via FRRouting
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Fri Nov 24 23:19:25 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835
Alexey <pautina at kharkiv.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |Not A Bug
Status|New |Closed
--- Comment #10 from Alexey <pautina at kharkiv.net> ---
Good night everybody.
The problem is solved.
Many thanks to Marek Zarychta mailto:zarychtam at plan-b.pwste.edu.pl for the
help.
He showed me a similar problem:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219453.
Аnd indeed, the problem was that on the interface TX/RX checksums was disabled.
Now everything works with the following settings:
On interface ix0 or ixl0 or other must be turn ON: rxcsum txcsum; (ifconfig
ixl0 rxcsum txcsum)
At /etc/rc.conf:
ifconfig_ixl0="up -tso -lro -vlanhwtso" (I disabled only tso and lro)
ipsec_enable="YES"
ipsec_file="/etc/ipsec.conf"
At /etc/ipsec.conf:
flush;
add 185.1.62.241 185.1.62.69 tcp 0x1000 -A tcp-md5 "some_password";
add 185.1.62.69 185.1.62.241 tcp 0x1001 -A tcp-md5 "some_password";
On kernel you must add next:
options IPSEC # IP (v4/v6) security
options IPSEC_SUPPORT # Allow kldload of ipsec and tcpmd5
# The crypto framework is required by IPSEC
device crypto # Required by IPSEC
device cryptodev
options TCP_SIGNATURE
And need set password for neighbor on FRRouting, for example:
neighbor 185.1.62.69 password some_password
I think it's necessary to describe all this in documentation.
This would be good, as this problem arises for many. Or you can simply forget
about it :)
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-net
mailing list