BGP, FreeBSD and password
fredrik danerklint
fredan-bird at fredan.se
Mon Aug 22 14:42:41 CEST 2011
So it doesn't matter what I put in in the password field as long as I'm using
setkey's, right?
> On 22.08.2011 16:10, fredrik danerklint wrote:
> > ok. I think I've got that part.
> >
> > But what do I put in the password field in the configuration of the bgp
> > in bird?
>
> Any non-empty string should be fine.
>
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA1
> >>
> >> fredrik danerklint wrote:
> >>> Hi!
> >>>
> >>> The manual page says:
> >>>
> >>> password string
> >>> Use this password for MD5 authentication of BGP sessions. Default: no
> >>> authentication. Password has to be set by external utility (e.g.
> >>> setkey(8)) on BSD systems.
> >>>
> >>> Can someone provide me with an example of how that does work?
> >>
> >> Presently you need to add
> >> options TCP_SIGNATURE
> >> options IPSEC
> >> device crypto
> >>
> >> to your kernel configuration
> >>
> >> After that, TCP MD5 can be configured on per-host basis:
> >>
> >>
> >> 9:55 [1] zfscurr0# echo add 10.0.0.92 10.0.0.5 tcp 0x1000 -A tcp-md5
> >> \"secret\" \; | setkey -c
> >> 9:55 [1] zfscurr0# setkey -D
> >> 10.0.0.92 10.0.0.5
> >>
> >> tcp mode=any spi=4096(0x00001000) reqid=0(0x00000000)
> >> A: tcp-md5 73656372 6574
> >> seq=0x00000000 replay=0 flags=0x00000040 state=mature
> >> created: Aug 22 09:55:06 2011 current: Aug 22 09:55:12 2011
> >> diff: 6(s) hard: 0(s) soft: 0(s)
> >> last: hard: 0(s) soft: 0(s)
> >> current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
> >> allocated: 0 hard: 0 soft: 0
> >> sadb_seq=0 pid=1005 refcnt=1
> >>
> >> Please see setkey(8) for more information
> >> -----BEGIN PGP SIGNATURE-----
> >> Version: GnuPG v2.0.14 (FreeBSD)
> >> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> >>
> >> iEYEARECAAYFAk5R74sACgkQwcJ4iSZ1q2nQBwCggHj3/NUKoQ6wvSBfQHcKnHAX
> >> 6D8AoKBwKBA8fvHGZDBZ3IrT8+kIduqr
> >> =14zM
> >> -----END PGP SIGNATURE-----
--
//fredan
More information about the Bird-users
mailing list