Potential OSPF authentication issues with Mikrotik routers

Theera Kittichareonpot tkittich at hotmail.com
Sat Jan 14 01:06:11 CET 2023


Hello Kees,

Thank you so much. Upgrading Mikrotik to 7.7 does fix the issue with simple authentication in OSPF. It does work now. ^^

However, md5 authentication still doesn't work. On Mikrotiks, OSPF has an authentication-key-id option which can be set and defaults to 1. https://wiki.mikrotik.com/wiki/Manual:Routing/OSPF But there is no such option in Bird. Perhaps that's why Mikrotiks gave an error about "authentication failed from X.X.X.X wrong SA ID".

Theera K.

From: Kees Meijs | Nefos <kees at nefos.nl>
Sent: Saturday, January 14, 2023 00:59
To: Theera Kittichareonpot <tkittich at hotmail.com>; bird-users at network.cz <bird-users at network.cz>
Subject: Re: Potential OSPF authentication issues with Mikrotik routers 
 
Hi Theera,

We're using Mikrotik extensively as well, in combination with BIRD2.

In RouterOS 7 there's been quite some work done on OSPF specifically. The latest release 7.7 (see https://mikrotik.com/download/changelogs/stable) incorporates some fixes for yet more bugs in this context.

Apart from BIRD configuration, I would suggest upgrading to RouterOS 7.6 at least, or even better 7.7.

Cheers,
Kees

On 13-01-2023 18:11, Theera Kittichareonpot wrote:
Hello,

I am very new to Bird so I could be doing something wrong. But it seems Bird 2.0.11 could have compatibility issues with Mikrotik routers when OSPF authentication is used. 

When simple authentication is used, the neighbor state stays at Init and doesn't change at all.

When a cryptographic password is used, the Mikrotik router gave errors about wrong SA/SP id: "ospf-instance-1 { version: 2 router-id: 192.168.120.1 } ospf-area-1 { 0.0.0.0 } interface { instance-id: 5  broadcast 192.168.10.1%br-lan } authentication failed from 192.168.10.197 wrong SA ID". I've tried md5, sha256 and sha512, but all gave the same error.

Kindly let me know if I did something wrong or what additional info is needed. Thank you.

The following is my bird.conf:

log syslog all; 
#debug protocols all;

#router id 192.168.10.197;

ipv4 table master4;

protocol device {
}

protocol direct direct4 {
      ipv4; # Connect to default IPv4 table
}

protocol kernel kernel4 {
      ipv4 {
            import all;
            export all;
      };
}

protocol static static4 {
      ipv4;
}

protocol ospf v2 ospf4 {
      instance id 5; # set to the same as other routers'
      ipv4 {
            import all;
            export all;
      };

      area 0 {
            interface "eth0" {
                  type broadcast;
                  hello 10; # same as other routers'
                  retransmit 5;
                  transmit delay 1;
                  dead 40;

                  #simple authentication doesn't work with Mikrotik either. The state stays at Init and doesn't change at all.
                  #authentication simple;
                  #password "12345678";

                  # cryptographic password doesn't seem to work with mikrotik too; got errors about wrong SA/SP id
                  #authentication cryptographic;
                  #password "12345678" { algorithm hmac sha512; };
            };
      };
}


Theera K.
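
Added example (not part of the original messages, and not BIRD or RouterOS code): a small Python decoder for the OSPFv2 header authentication fields, so the Key ID a router actually puts on the wire can be compared with the authentication-key-id configured on the receiver. It assumes the input starts at the OSPF header (IP header already stripped) and that the AuType field is split into Instance ID and AuType as in RFC 6549; the function names are hypothetical and the sample bytes are constructed.

```python
import struct
from ipaddress import IPv4Address

AUTYPES = {0: "null", 1: "simple", 2: "cryptographic"}

def parse_ospfv2_auth(pkt: bytes) -> dict:
    """Decode the authentication-related fields of an OSPFv2 header.

    Layout per RFC 2328 A.3.1; with RFC 6549 the 16-bit AuType field is
    split into Instance ID (high octet) and AuType (low octet).
    """
    if len(pkt) < 24:
        raise ValueError("need the full 24-byte OSPFv2 header")
    ver, _ptype, _plen, rid, area, _cksum, instance, autype = struct.unpack(
        "!BBH4s4sHBB", pkt[:16])
    if ver != 2:
        raise ValueError(f"not OSPFv2 (version {ver})")
    info = {
        "router_id": str(IPv4Address(rid)),
        "area": str(IPv4Address(area)),
        "instance_id": instance,
        "autype": AUTYPES.get(autype, f"unknown({autype})"),
    }
    if autype == 2:
        # RFC 2328 D.3: 16 zero bits, Key ID, Auth Data Len, 32-bit sequence number
        _zero, key_id, auth_len, seq = struct.unpack("!HBBI", pkt[16:24])
        info.update(key_id=key_id, auth_data_len=auth_len, crypto_seq=seq)
    return info

def key_id_problem(pkt: bytes, expected_key_id: int):
    """Return a description of the mismatch, or None if the sender's Key ID matches."""
    info = parse_ospfv2_auth(pkt)
    if info["autype"] != "cryptographic":
        return f"{info['router_id']} sends AuType {info['autype']}, not cryptographic"
    if info["key_id"] != expected_key_id:
        return (f"{info['router_id']} sends Key ID {info['key_id']}, "
                f"receiver expects {expected_key_id}")
    return None

# Constructed sample header (not captured from the thread): a Hello from
# 192.168.10.197, area 0.0.0.0, instance 5, cryptographic auth, Key ID 2.
SAMPLE = struct.pack("!BBH4s4sHBBHBBI", 2, 1, 44,
                     IPv4Address("192.168.10.197").packed,
                     IPv4Address("0.0.0.0").packed,
                     0, 5, 2, 0, 2, 64, 1673568000)

if __name__ == "__main__":
    print(parse_ospfv2_auth(SAMPLE))
    print(key_id_problem(SAMPLE, expected_key_id=1))
```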



