Date: Thu, 28 Nov 2013 19:14:18 +0100 From: =?ISO-8859-1?Q?Ermal_Lu=E7i?= <eri@freebsd.org> To: =?ISO-8859-1?Q?Antoine_Beaupr=E9?= <anarcat@koumbit.org> Cc: freebsd-net <freebsd-net@freebsd.org> Subject: Re: OpenBGPd + TCP-MD5 sig fails after a few weeks Message-ID: <CAPBZQG28ZLpU7bgGgj2_SynVeVr5k59_Ydd8d=PD-%2BqNCZwn9g@mail.gmail.com> In-Reply-To: <87ob54pndw.fsf@marcos.anarc.at> References: <87zjoqu3wr.fsf@marcos.anarc.at> <CAPBZQG192HxfHfCj7zkWO-Ot95%2BY7vr8VJ47OyzNhD2jxuZTKg@mail.gmail.com> <874n6xu31q.fsf@marcos.anarc.at> <CAPBZQG17w218wB3SsJ8rvCLzP4hKz4N5=zE-YLnMws5H-x2_FQ@mail.gmail.com> <87ob54pndw.fsf@marcos.anarc.at>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Nov 28, 2013 at 4:16 PM, Antoine Beaupr=E9 <anarcat@koumbit.org>wro= te: > On 2013-11-28 10:05:55, Ermal Lu=E7i wrote: > > On Wed, Nov 27, 2013 at 7:12 PM, Antoine Beaupr=E9 <anarcat@koumbit.org > >wrote: > > > >> On 2013-11-27 05:58:12, Ermal Lu=E7i wrote: > >> > You can use the port here > >> > https://github.com/pfsense/pfsense-tools/tree/master/pfPorts/openbgp= d > >> > It has integration with pfkey sockets of FreeBSD in the daemon itsel= f > and > >> > you have to specify only th espd policy through setkey. > >> > > >> > It works for pfSense. > >> > >> While it seems to bootstrap properly, it still fails to isntall a > >> security association, in my bgpd.conf: > >> > >> tcp md5sig password "[...]" > >> > > > > Probably because you are putting "(quotes) on the password and that is > > wrong. > > That means password on the connection is wrong since it has " in it. > > Think its an issue of the bgpd parser on this. > > I also tried without the quotes, same effect. > Can you show your related config to this! The only other thing i can think of is that since the daemon is inserting policies you have to define local-address $your-local-ip So the SPD policy is generated correctly. You can verify the generated policy using setkey utility. > > A. > -- > Never underestimate the bandwidth of a station wagon full of tapes > hurtling down the highway. > - Andrew S. Tanenbaum, "Computer Networks" > --=20 Ermal
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPBZQG28ZLpU7bgGgj2_SynVeVr5k59_Ydd8d=PD-%2BqNCZwn9g>