On 22.08.2011 16:42, fredrik danerklint wrote:
So it doesn't matter what I put in in the password field as long as I'm using
setkey's, right?
It needs to be any non-empty string.

Not sure if this is a sufficient condition, though.


On 22.08.2011 16:10, fredrik danerklint wrote:
ok. I think I've got that part.

But what do I put in the password field in the configuration of the bgp
in bird?

Any non-empty string should be fine.

fredrik danerklint wrote:
Hi!

The manual page says:

password string
Use this password for MD5 authentication of BGP sessions. Default: no
authentication. Password has to be set by external utility (e.g.
setkey(8)) on BSD systems.

Can someone provide me with an example of how that does work?

Presently you need to add
options         TCP_SIGNATURE
options         IPSEC
device          crypto

to your kernel configuration.

After that, TCP MD5 can be configured on a per-host basis:


9:55 [1] zfscurr0# echo add 10.0.0.92 10.0.0.5 tcp 0x1000 -A tcp-md5 \"secret\" \; | setkey -c
9:55 [1] zfscurr0# setkey -D
10.0.0.92 10.0.0.5

          tcp mode=any spi=4096(0x00001000) reqid=0(0x00000000)
          A: tcp-md5  73656372 6574
          seq=0x00000000 replay=0 flags=0x00000040 state=mature
          created: Aug 22 09:55:06 2011   current: Aug 22 09:55:12 2011
          diff: 6(s)      hard: 0(s)      soft: 0(s)
          last:                           hard: 0(s)      soft: 0(s)
          current: 0(bytes)       hard: 0(bytes)  soft: 0(bytes)
          allocated: 0    hard: 0 soft: 0
          sadb_seq=0 pid=1005 refcnt=1

Please see setkey(8) for more information.
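Added example, not part of the original thread: the `A: tcp-md5  73656372 6574` line in the `setkey -D` dump above is the key in plain hex (it decodes to `secret`), so the dump can be parsed to check which BGP peers have a TCP-MD5 SA installed and whether its key matches the intended one. The function names, the second SA entry and the peer 10.0.0.7 are constructed for illustration.

```python
import hmac
import re

# Constructed sample: the thread's SA plus an invented second peer.
SAMPLE_DUMP = """\
10.0.0.92 10.0.0.5
        tcp mode=any spi=4096(0x00001000) reqid=0(0x00000000)
        A: tcp-md5  73656372 6574
        seq=0x00000000 replay=0 flags=0x00000040 state=mature
10.0.0.92 10.0.0.7
        tcp mode=any spi=4097(0x00001001) reqid=0(0x00000000)
        A: tcp-md5  6f746865 72
        seq=0x00000000 replay=0 flags=0x00000040 state=mature
"""

def parse_sad(dump):
    """Parse `setkey -D` text into dicts: src, dst, proto, spi, alg, key."""
    sas, cur = [], None
    for line in dump.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():  # unindented "src dst" line opens a new SA
            parts = line.split()
            cur = None
            if len(parts) == 2:
                cur = {"src": parts[0], "dst": parts[1], "proto": None,
                       "spi": None, "alg": None, "key": b""}
                sas.append(cur)
            continue
        if cur is None:
            continue
        m = re.match(r"\s+(\S+) mode=\S+ spi=\d+\((0x[0-9a-fA-F]+)\)", line)
        if m:
            cur["proto"], cur["spi"] = m.group(1), int(m.group(2), 16)
        m = re.match(r"\s+A:\s+(\S+)\s+([0-9a-fA-F\s]+)$", line)
        if m:  # authentication key is dumped as space-separated hex words
            cur["alg"] = m.group(1)
            cur["key"] = bytes.fromhex("".join(m.group(2).split()))
    return sas

def audit_peers(sas, expected):
    """expected: {(src, dst): password}. Returns {(src, dst): status}."""
    have = {(s["src"], s["dst"]): s for s in sas if s["alg"] == "tcp-md5"}
    report = {}
    for pair, password in expected.items():
        sa = have.get(pair)
        if sa is None:
            report[pair] = "missing"
        elif hmac.compare_digest(sa["key"], password.encode()):
            report[pair] = "ok"
        else:
            report[pair] = "key-mismatch"
    return report
```

On a live host the input would be the text printed by `setkey -D`, which needs root and reveals every key in the SAD, so treat the dump itself as a secret.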

