On Thu, Jun 23, 2016 at 11:41:18AM +0200, Alexander Velkov wrote: > Hello, > > I have some issues with configuring RIP 'authentication'. > I connect a bird v1.6.0 running on an ARM machine with a quagga v0.99.23.1 > on a 64bit Ubuntu 14.04 machine. > > *Plaintext* (authentication plaintext): > > ERROR - bird writes erroneous auth error msg. > the two peers connect successfully and exchange routes, but bird writes > auth error msg - > 'bird: RIP: Authentication failed for 172.16.0.9 on eth0 - wrong password > (0)' > Maybe, a variable was not correctly set at init ?
Hello
It seems to me that quagga sends two packets, first (at 15:21:34,
presumably without authentication) was rejected, second (at 15:21:35,
presumably with password) was accepted and contains routes.
See:
> Jun 22 15:21:34 AVILA debug bird: RIP: New neighbor 172.16.0.9 on eth0
> Jun 22 15:21:34 AVILA err bird: RIP: Authentication failed for 172.16.0.9
> on eth0 - wrong password (0)
...
> Jun 22 15:21:35 AVILA debug bird: RIP: Response received from 172.16.0.9 on
> eth0
> Jun 22 15:21:35 AVILA debug bird: RIP > added 10.0.4.0/24 via 172.16.0.9 on
> eth0
Could you verify that, e.g. with tcpdump?
> *Cryptographic* (authentication cryptographic):
>
> ERROR 1 - peers cannot connect with "id 0".
> The ripd keychain allows setting 'key 0' but bird does not - error
> 'Password ID has to be greated than zero.'
That is true, for some reason BIRD does not allow key id 0 (for both RIP
and OSPF crypto authentication) and uses id 1 by default. I will check if
there is a reason for that.
> If I omit setting id parameter (passwords{password "secret"; password
> 'secret2'; password 'secret 3'}), then the peer authentication is not
> successful.
In that case BIRD uses IDs 1,2,3, while Quagga is configured with IDs 0,1,2,
therefore keys are not properly matched.
> ERROR 2 - On successful md5 authentication (using different keys), bird
> writes again false error messages.
Probably the same issue like in the first case?
--
Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: [email protected])
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
signature.asc
Description: Digital signature
