<div dir="ltr"><div>Hello,<br><br></div><div>I have some issues with configuring RIP 'authentication'. <br>I connect a bird v1.6.0 running on an ARM machine with a quagga v0.99.23.1 on a 64bit Ubuntu 14.04 machine.<br><br></div><div><b>Plaintext</b> (authentication plaintext):<br><br> ERROR - bird writes erroneous auth error msg.<br><b></b></div><div> the two peers connect successfully and exchange routes, but bird writes auth error msg - <br> 'bird: RIP: Authentication failed for 172.16.0.9 on eth0 - wrong password (0)'<br></div><div> Maybe, a variable was not correctly set at init ?<br></div><div><br><b></b>-- bird.config:<br> ...<br></div><div> protocol rip RIP {<br> debug all;<br> interface "eth0" {<br> ...<br> authentication plaintext; <br> password "test";<br> };<br><br>-- bird log:<br>...<br>Jun 22 15:21:34 AVILA debug bird: RIP: New neighbor 172.16.0.9 on eth0<br>Jun 22 15:21:34 AVILA err bird: RIP: Authentication failed for 172.16.0.9 on eth0 - wrong password (0)<br>Jun 22 15:21:35 AVILA debug bird: RIP: Interface timer fired for eth0<br>Jun 22 15:21:35 AVILA debug bird: RIP: Sending triggered updates for eth0<br>Jun 22 15:21:35 AVILA debug bird: RIP: Sending response via eth0<br>Jun 22 15:21:35 AVILA debug bird: RIP: Response received from 172.16.0.9 on eth0<br>Jun 22 15:21:35 AVILA debug bird: RIP > added <a href="http://10.0.4.0/24">10.0.4.0/24</a> via 172.16.0.9 on eth0<br>Jun 22 15:21:35 AVILA debug bird: RIP > added [best] <a href="http://10.10.11.0/24">10.10.11.0/24</a> via 172.16.0.9 on eth0<br>Jun 22 15:21:35 AVILA info bird: net accepted:<a href="http://10.10.11.0/24">10.10.11.0/24</a><br>Jun 22 15:21:35 AVILA debug bird: RIP < added <a href="http://10.10.11.0/24">10.10.11.0/24</a> via 172.16.0.9 on eth0<br><br>-- quagga.config:<br> ...<br> ip rip authentication string test<br><br></div><div>-- quagga log:<br>2016/06/22 17:25:22 RIP: RECV packet from 172.16.0.4 port 520 on eth1<br>2016/06/22 17:25:22 RIP: RECV RESPONSE version 2 packet size 84<br>2016/06/22 17:25:22 RIP: family 0xFFFF type 2 auth string: test<br>2016/06/22 17:25:22 RIP: <a href="http://10.2.4.1/32">10.2.4.1/32</a> -> 0.0.0.0 family 2 tag 0 metric 1<br>2016/06/22 17:25:22 RIP: <a href="http://10.0.4.0/24">10.0.4.0/24</a> -> 0.0.0.0 family 2 tag 0 metric 1<br>2016/06/22 17:25:22 RIP: <a href="http://172.16.0.0/24">172.16.0.0/24</a> -> 0.0.0.0 family 2 tag 0 metric 1<br>2016/06/22 17:25:22 RIP: RIPv2 simple password authentication from 172.16.0.4<br>2016/06/22 17:25:22 RIP: RIPv2 simple authentication success<br>...<br></div><div><br></div><div><b>Cryptographic</b> (authentication cryptographic):<br><br> ERROR 1 - peers cannot connect with "id 0".<br></div><div> The ripd keychain allows setting 'key 0' but bird does not - error 'Password ID has to be greated than zero.'<br></div><div> If I omit setting id parameter (passwords{password "secret"; password 'secret2'; password 'secret 3'}), then the peer authentication is not successful.<br></div><div><br> ERROR 2 - On successful md5 authentication (using different keys), bird writes again false error messages.<br><br>-- bird.config:<br></div><div> ...<br> protocol rip RIP {<br> debug all;<br> interface "eth0" {<br> ...<br> authentication cryptographic; <br></div><div> passwords {<br> password "secret" {id 0;};<br> password "secret2" {id 1;};<br> password "secret3" {id 2;};<br> };<br> };</div><div><br></div><div>-- quagga.config:<br> ...<br> key chain kChain1<br> key 0<br> key-string secret<br> key 1<br> key-string secret2<br> key 2<br> key-string secret3<br><br> interface eth1<br> ip rip authentication mode md5<br> ip rip authentication key-chain kChain1<br><br></div><div>-- quagga log (bird config without setting 'id' param):<br><br> ...<br> 2016/06/23 11:21:54 RIP: RECV packet from 172.16.0.4 port 520 on eth1<br> 2016/06/23 11:21:54 RIP: RECV RESPONSE version 2 packet size 104<br> 2016/06/23 11:21:54 RIP: family 0xFFFF type 3 (MD5 authentication)<br> 2016/06/23 11:21:54 RIP: RIP-2 packet len 84 Key ID 1 Auth Data len 20<br> 2016/06/23 11:21:54 RIP: Sequence Number 1466674388<br> 2016/06/23 11:21:54 RIP: <a href="http://10.2.4.1/32">10.2.4.1/32</a> -> 0.0.0.0 family 2 tag 0 metric 1<br> 2016/06/23 11:21:54 RIP: <a href="http://10.0.4.0/24">10.0.4.0/24</a> -> 0.0.0.0 family 2 tag 0 metric 1<br> 2016/06/23 11:21:54 RIP: <a href="http://172.16.0.0/24">172.16.0.0/24</a> -> 0.0.0.0 family 2 tag 0 metric 1<br> 2016/06/23 11:21:54 RIP: family 0xFFFF type 1 (MD5 data)<br> 2016/06/23 11:21:54 RIP: MD5: E8F8C8C6B6911BB9D7F4983261C5DC<br> 2016/06/23 11:21:54 RIP: RIPv2 MD5 authentication from 172.16.0.4<br> 2016/06/23 11:21:54 RIP: RIPv2 MD5 authentication failure<br><br></div><div>Best regards,<br></div><div>Alexander Velkov<br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Nov 12, 2015 at 7:23 PM, Alexander Velkov <span dir="ltr"><<a href="mailto:alvel85@googlemail.com" target="_blank">alvel85@googlemail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div></div>ok great, thank you for your answer!<br></div></div><div><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Nov 12, 2015 at 7:01 PM, Ondrej Zajicek <span dir="ltr"><<a href="mailto:santiago@crfreenet.org" target="_blank">santiago@crfreenet.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>On Thu, Nov 12, 2015 at 05:25:18PM +0100, Alexander Velkov wrote:<br>
> Hi Ondrej,<br>
><br>
> thank you for your reply!<br>
><br>
> When is this branch planned to be integrated to main?<br>
<br>
</span>I guess we will release a new version of BIRD containing RIP from rip-new<br>
branch during 2015-12 or 2016-01.<br>
<div><div><br>
--<br>
Elen sila lumenn' omentielvo<br>
<br>
Ondrej 'Santiago' Zajicek (email: <a href="mailto:santiago@crfreenet.org" target="_blank">santiago@crfreenet.org</a>)<br>
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, <a href="http://wwwkeys.pgp.net" rel="noreferrer" target="_blank">wwwkeys.pgp.net</a>)<br>
"To err is human -- to blame it on a computer is even more so."<br>
</div></div></blockquote></div><br></div></div></div></div>
</blockquote></div><br></div>