So it doesn't matter what I put in in the password field as long as I'm using setkey's, right?
> On 22.08.2011 16:10, fredrik danerklint wrote: > > ok. I think I've got that part. > > > > But what do I put in the password field in the configuration of the bgp > > in bird? > > Any non-empty string should be fine. > > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> > >> fredrik danerklint wrote: > >>> Hi! > >>> > >>> The manual page says: > >>> > >>> password string > >>> Use this password for MD5 authentication of BGP sessions. Default: no > >>> authentication. Password has to be set by external utility (e.g. > >>> setkey(8)) on BSD systems. > >>> > >>> Can someone provide me with an example of how that does work? > >> > >> Presently you need to add > >> options TCP_SIGNATURE > >> options IPSEC > >> device crypto > >> > >> to your kernel configuration > >> > >> After that, TCP MD5 can be configured on per-host basis: > >> > >> > >> 9:55 [1] zfscurr0# echo add 10.0.0.92 10.0.0.5 tcp 0x1000 -A tcp-md5 > >> \"secret\" \; | setkey -c > >> 9:55 [1] zfscurr0# setkey -D > >> 10.0.0.92 10.0.0.5 > >> > >> tcp mode=any spi=4096(0x00001000) reqid=0(0x00000000) > >> A: tcp-md5 73656372 6574 > >> seq=0x00000000 replay=0 flags=0x00000040 state=mature > >> created: Aug 22 09:55:06 2011 current: Aug 22 09:55:12 2011 > >> diff: 6(s) hard: 0(s) soft: 0(s) > >> last: hard: 0(s) soft: 0(s) > >> current: 0(bytes) hard: 0(bytes) soft: 0(bytes) > >> allocated: 0 hard: 0 soft: 0 > >> sadb_seq=0 pid=1005 refcnt=1 > >> > >> Please see setkey(8) for more information > >> -----BEGIN PGP SIGNATURE----- > >> Version: GnuPG v2.0.14 (FreeBSD) > >> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > >> > >> iEYEARECAAYFAk5R74sACgkQwcJ4iSZ1q2nQBwCggHj3/NUKoQ6wvSBfQHcKnHAX > >> 6D8AoKBwKBA8fvHGZDBZ3IrT8+kIduqr > >> =14zM > >> -----END PGP SIGNATURE----- -- //fredan
