So it doesn't matter what I put in in the password field as long as I'm using setkey's, right?
On 22.08.2011 16:10, fredrik danerklint wrote:
ok. I think I've got that part.
But what do I put in the password field in the configuration of the bgp in bird?
Any non-empty string should be fine.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
fredrik danerklint wrote:
Hi!
The manual page says:
password string Use this password for MD5 authentication of BGP sessions. Default: no authentication. Password has to be set by external utility (e.g. setkey(8)) on BSD systems.
Can someone provide me with an example of how that does work?
Presently you need to add options TCP_SIGNATURE options IPSEC device crypto
to your kernel configuration
After that, TCP MD5 can be configured on per-host basis:
9:55 [1] zfscurr0# echo add 10.0.0.92 10.0.0.5 tcp 0x1000 -A tcp-md5 \"secret\" \; | setkey -c 9:55 [1] zfscurr0# setkey -D 10.0.0.92 10.0.0.5
tcp mode=any spi=4096(0x00001000) reqid=0(0x00000000) A: tcp-md5 73656372 6574 seq=0x00000000 replay=0 flags=0x00000040 state=mature created: Aug 22 09:55:06 2011 current: Aug 22 09:55:12 2011 diff: 6(s) hard: 0(s) soft: 0(s) last: hard: 0(s) soft: 0(s) current: 0(bytes) hard: 0(bytes) soft: 0(bytes) allocated: 0 hard: 0 soft: 0 sadb_seq=0 pid=1005 refcnt=1
Please see setkey(8) for more information -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk5R74sACgkQwcJ4iSZ1q2nQBwCggHj3/NUKoQ6wvSBfQHcKnHAX 6D8AoKBwKBA8fvHGZDBZ3IrT8+kIduqr =14zM -----END PGP SIGNATURE-----
-- //fredan