On Nov 4, 2011, at 1:41 PM, Patrick Lamaiziere wrote:

> Isn't there a new option to build openbgpd with tcp-md5 (and without pf_key)?
>
> I've used TCP-MD5 signature for bgp between a FreeBSD 8.x and OpenBSD,
> using setkey(8) to enforce the signature between the peers. That
> worked (of course, then you shouldn't use tcp-md5 in openbgpd).
>
> setkey(8):
> add -4 peer1 peer2 tcp 0x1000 -A tcp-md5 "PASSWORD";
> add -4 peer2 peer1 tcp 0x1000 -A tcp-md5 "PASSWORD";

Ouch! Silly me, I assumed there was some setsockopt() option to set an MD5 for a TCP socket.

Thank you very much, working now with both bird and openbgpd. :)

Turns out you have to delete the md5 option from the openbgpd config file, but you need to put it (even with a bogus key) in the bird config file.

add 10.0.0.1 10.0.0.2 tcp 0x1000 -A tcp-md5 "mekmitasgoat";
add 10.0.1.1 10.0.1.2 tcp 0x1000 -A tcp-md5 "mekmitasgoat";
add 10.0.0.2 10.0.0.1 tcp 0x1000 -A tcp-md5 "mekmitasgoat";
add 10.0.1.2 10.0.1.1 tcp 0x1000 -A tcp-md5 "mekmitasgoat";

Borja.
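
Added example, not part of the original messages: both setkey(8) listings in this thread carry one tcp-md5 entry per direction for each peer pair, and this sh/awk check reports any entry in a setkey.conf-style file that lacks its reverse or whose reverse has a different key. The function names and the sample key are made up for illustration, and keys are assumed to contain no whitespace.

```sh
#!/bin/sh
# Usage: check_tcpmd5_pairs /etc/ipsec.conf   (or pipe the file on stdin)
# Prints one line per problem; returns 0 if every tcp-md5 entry is paired.
check_tcpmd5_pairs() {
    awk '
    $1 == "add" {
        i = 2
        while ($i ~ /^-[46n]+$/) i++          # skip optional flags such as -4
        src = $i; dst = $(i + 1)
        if ($(i + 2) != "tcp") next
        key = ""
        for (j = i + 3; j + 2 <= NF; j++)     # locate: -A tcp-md5 "key";
            if ($j == "-A" && $(j + 1) == "tcp-md5") { key = $(j + 2); break }
        if (key == "") next
        sub(/;$/, "", key)                    # drop the statement terminator
        sa[src SUBSEP dst] = key
    }
    END {
        bad = 0
        for (k in sa) {
            split(k, p, SUBSEP)
            rev = p[2] SUBSEP p[1]
            if (!(rev in sa)) {
                printf "missing reverse SA: %s -> %s\n", p[2], p[1]; bad = 1
            } else if (sa[rev] != sa[k]) {
                bad = 1                       # report each mismatched pair once
                if ((p[1] "") < (p[2] ""))
                    printf "key mismatch: %s <-> %s\n", p[1], p[2]
            }
        }
        exit bad
    }' "$@"
}

# Constructed sample: the second peer pair is missing its reverse entry.
sample_conf() {
    cat <<'EOF'
add 10.0.0.1 10.0.0.2 tcp 0x1000 -A tcp-md5 "EXAMPLEKEY";
add 10.0.0.2 10.0.0.1 tcp 0x1000 -A tcp-md5 "EXAMPLEKEY";
add 10.0.1.1 10.0.1.2 tcp 0x1000 -A tcp-md5 "EXAMPLEKEY";
EOF
}

sample_conf | check_tcpmd5_pairs || echo "setkey entries are inconsistent"
```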
