11.2-RC1 bird 2 BGP invalid ipsec SA/SP
Olivier Cochard-Labbé
olivier at freebsd.org
Tue Jun 12 14:57:46 UTC 2018
On Tue, Jun 12, 2018 at 2:35 PM Patrick Lamaiziere <patfbsd at davenulle.org>
wrote:
> Hello,
>
> I'm trying Bird 2 on FreeBSD 11.2 using tcp md5 signature for BGP
> connections.
>
> Bird2 has an option to set the needed ipsec SA/SP but here this does
> not work.
>
>
>
It will work if you 'help' bird to know the source address to use (source
address) into the BGP protocol.
Here is the extract of my bird BGP configuration file (no setkey.conf
needed):
protocol bgp R4inet4 {
local as myas;
# Bird creates IPSEC SAD entry automatically but it need to
know the source IP address
# Otherwise it will use the wrong 0.0.0.0 IP as source
source address 10.0.2.3;
neighbor 10.0.2.4 as 200;
password "abigpassword";
ipv4 {
import all;
export all;
next hop self;
};
}
Regards,
Olivier
More information about the freebsd-net
mailing list