Re: No TCP-MD5 in 11.1-PRERELEASE.

2017-05-24 Thread Marek Zarychta 
On Mon, May 22, 2017 at 10:15:03PM +0200, Kurt Jaeger wrote:
> Hi!
> 
> > After upgrading to 11.1-PRERELEASE, none of my MD5 BGP connections are
> > coming up.  They were fine in 11.0-RELEASE.
> 
> Please submit a PR via bugs.freebsd.org and send the PR number.
> 
> We should bring this to the attention of re@.
> 
This bug has been already submitted:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219453
-- 
Marek Zarychta


signature.asc
Description: PGP signature

Re: No TCP-MD5 in 11.1-PRERELEASE.

2017-05-24 Thread Marek Zarychta 
On Mon, May 22, 2017 at 10:15:03PM +0200, Kurt Jaeger wrote:
> Hi!
> 
> > After upgrading to 11.1-PRERELEASE, none of my MD5 BGP connections are
> > coming up.  They were fine in 11.0-RELEASE.
> 
> Please submit a PR via bugs.freebsd.org and send the PR number.
> 
> We should bring this to the attention of re@.
> 
This bug has been already submitted:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219453
-- 
Marek Zarychta


signature.asc
Description: PGP signature

Re: No TCP-MD5 in 11.1-PRERELEASE.

2017-05-24 Thread Andrey V. Elsukov 
On 23.05.2017 23:12, Zaphod Beeblebrox wrote:
> I just added a setkey for the reverse, and connections still do not happen.

Look at the `netstat -sp tcp | grep sign' output.
Also there are some debug messages can be generated by TCP syncache
code, you can see them in the syslog's logs under LOG_DEBUG level.
Also you can use tcpdump with -M flag to validate MD5 signatures.

-- 
WBR, Andrey V. Elsukov



signature.asc
Description: OpenPGP digital signature

Re: No TCP-MD5 in 11.1-PRERELEASE.

2017-05-23 Thread Mike Tancsa 
I dont think you need to rebuild quagga/frr. At least I dont recall
doing it to get things to work.  But worth a try.

---Mike

On 5/23/2017 4:12 PM, Zaphod Beeblebrox wrote:
> I just added a setkey for the reverse, and connections still do not happen.
> 
> On Tue, May 23, 2017 at 10:29 AM, Mike Tancsa  > wrote:
> 
> On 5/22/2017 3:24 PM, Zaphod Beeblebrox wrote:
> > After upgrading to 11.1-PRERELEASE, none of my MD5 BGP connections are
> > coming up.  They were fine in 11.0-RELEASE.
> 
> Make sure the SA entries have both directions. See this thread for more
> details.
> 
> https://lists.freebsd.org/pipermail/freebsd-stable/2017-April/087034.html
> 
> 
> 
> Other than that, it should work fine.
> 
> ---Mike
> 
> 
> 
> 
> 
> --
> ---
> Mike Tancsa, tel +1 519 651 3400 
> Sentex Communications, m...@sentex.net 
> Providing Internet services since 1994 www.sentex.net
> 
> Cambridge, Ontario Canada   http://www.tancsa.com/
> 
> 


-- 
---
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, m...@sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada   http://www.tancsa.com/
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Re: No TCP-MD5 in 11.1-PRERELEASE.

2017-05-23 Thread Zaphod Beeblebrox 
I just added a setkey for the reverse, and connections still do not happen.

On Tue, May 23, 2017 at 10:29 AM, Mike Tancsa  wrote:

> On 5/22/2017 3:24 PM, Zaphod Beeblebrox wrote:
> > After upgrading to 11.1-PRERELEASE, none of my MD5 BGP connections are
> > coming up.  They were fine in 11.0-RELEASE.
>
> Make sure the SA entries have both directions. See this thread for more
> details.
>
> https://lists.freebsd.org/pipermail/freebsd-stable/2017-April/087034.html
>
> Other than that, it should work fine.
>
> ---Mike
>
>
>
>
>
> --
> ---
> Mike Tancsa, tel +1 519 651 3400
> Sentex Communications, m...@sentex.net
> Providing Internet services since 1994 www.sentex.net
> Cambridge, Ontario Canada   http://www.tancsa.com/
>
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Re: No TCP-MD5 in 11.1-PRERELEASE.

2017-05-23 Thread Mike Tancsa 
On 5/22/2017 3:24 PM, Zaphod Beeblebrox wrote:
> After upgrading to 11.1-PRERELEASE, none of my MD5 BGP connections are
> coming up.  They were fine in 11.0-RELEASE.

Make sure the SA entries have both directions. See this thread for more
details.

https://lists.freebsd.org/pipermail/freebsd-stable/2017-April/087034.html

Other than that, it should work fine.

---Mike





-- 
---
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, m...@sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada   http://www.tancsa.com/
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Re: No TCP-MD5 in 11.1-PRERELEASE.

2017-05-22 Thread Kurt Jaeger 
Hi!

> After upgrading to 11.1-PRERELEASE, none of my MD5 BGP connections are
> coming up.  They were fine in 11.0-RELEASE.

Please submit a PR via bugs.freebsd.org and send the PR number.

We should bring this to the attention of re@.

-- 
p...@opsec.eu+49 171 3101372 3 years to go !
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

No TCP-MD5 in 11.1-PRERELEASE.

2017-05-22 Thread Zaphod Beeblebrox 
After upgrading to 11.1-PRERELEASE, none of my MD5 BGP connections are
coming up.  They were fine in 11.0-RELEASE.
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"