Potential OSPF authentication issues with Mikrotik routers
Theera Kittichareonpot
tkittich at hotmail.com
Fri Jan 13 18:11:39 CET 2023
Hello,
I am very new to Bird so I could be doing something wrong. But it seems Bird 2.0.11 could have compatibility issues with Mikrotik routers when OSPF authentication is used.
When simple authentication is used, the neighbor state stays at Init and doesn't change at all.
When cryptographic password is used, the Mikrotik router gave errors about wrong SA/SP id: "ospf-instance-1 { version: 2 router-id: 192.168.120.1 } ospf-area-1 { 0.0.0.0 } interface { instance-id: 5 broadcast 192.168.10.1%br-lan } authentication failed from 192.168.10.197 wrong SA ID". I've tried md5 sha256 and sha512, but all gave the same error.
Kindly let me know if I did something wrong or what additional info is needed. Thank you.
The following is my bird.conf:
log syslog all;
#debug protocols all;
#router id 192.168.10.197;
ipv4 table master4;
protocol device {
}
protocol direct direct4 {
ipv4; # Connect to default IPv4 table
}
protocol kernel kernel4 {
ipv4 {
import all;
export all;
};
}
protocol static static4 {
ipv4;
}
protocol ospf v2 ospf4 {
instance id 5; # set to the same as other routers'
ipv4 {
import all;
export all;
};
area 0 {
interface "eth0" {
type broadcast;
hello 10; # same as other routers'
retransmit 5;
transmit delay 1;
dead 40;
#simple authentication doesn't work with Mikrotik either. The state stays at Init and doesn't change at all.
#authentication simple;
#password "12345678";
# cryptographic password doesn't seem to work with mikrotik too; got errors about wrong SA/SP id
#authentication cryptographic;
#password "12345678" { algorithm hmac sha512; };
};
};
}
Theera K.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20230113/41e623ca/attachment.htm>
More information about the Bird-users
mailing list