From owner-freebsd-questions@FreeBSD.ORG  Sun Sep 24 07:21:18 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9313216A407
	for <freebsd-questions@freebsd.org>;
	Sun, 24 Sep 2006 07:21:18 +0000 (UTC) (envelope-from mihai@duras.ro)
Received: from mail.duras.ro (mail.duras.ro [86.105.56.133])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C7D1043D45
	for <freebsd-questions@freebsd.org>;
	Sun, 24 Sep 2006 07:21:17 +0000 (GMT) (envelope-from mihai@duras.ro)
Received: from localhost (localhost [127.0.0.1])
	by mail.duras.ro (Postfix) with ESMTP id B061818741E
	for <freebsd-questions@freebsd.org>;
	Sun, 24 Sep 2006 10:21:15 +0300 (EEST)
Received: from mail.duras.ro ([127.0.0.1])
	by localhost (mail [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
	id 18278-03 for <freebsd-questions@freebsd.org>;
	Sun, 24 Sep 2006 10:21:14 +0300 (EEST)
Received: from [86.105.56.194] (ma.plimb.cu.barca.prin.padure.ro
	[86.105.56.194]) by mail.duras.ro (Postfix) with ESMTP id B2EE1187285
	for <freebsd-questions@freebsd.org>;
	Sun, 24 Sep 2006 10:21:14 +0300 (EEST)
Message-ID: <451631C4.6040200@duras.ro>
Date: Sun, 24 Sep 2006 10:20:36 +0300
From: Mihai Tanasescu <mihai@duras.ro>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: freebsd-questions@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new-20030616-p10 (RedHat) at duras.ro
Subject: Openbgpd TCP-MD5
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Sep 2006 07:21:18 -0000

Hello,


Does anyone know if TCP-MD5 is working with OpenBGP on Freebsd ?


I've got a Freebsd 6.1 system (6.1-RELEASE-p5) on which I've tried both 
openbgpd and openbgpd-devel.
The system has a test session now with a Cisco 3750 equipment.


On the OpenBGPD machine I have setup the Cisco neighbor with the  tcp 
md5sig password option.
On the Cisco machine I have setup the OpenBGPD neighbor with the 
password option.

Upon starting the session the OpenBGPD machine reported pfkey setup failed.

I used setkey to add the following (after adding FAST_IPSEC and TCP-MD5 in the kernel):

add ip-openbgpd ip-cisco-bgp tcp 0x1000 -A tcp-md5 "password I used";

On the Cisco device if I issue a show logg I can see:

%TCP-6-BADAUTH: No MD5 digest from ip-openbgpd(179) to ip-cisco(15581) (RST)

Also the OpenBGPD FreeBSD system displays:

kernel: tcp_signature_compute: SADB lookup failed for ip-cisco


Help wanted:) if possible


Thanks,
Mihai