[Bug 223835] BGP session not established with md5 password via FRRouting
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

Alexey changed:

           What    |Removed |Added
         ----------+--------+-------
             Status|Open    |Closed
         Resolution|---     |FIXED

--
You are receiving this mail because:
You are on the CC list for the bug.
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
[Bug 223835] BGP session not established with md5 password via FRRouting
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #37 from Alexey ---
(In reply to Andrey V. Elsukov from comment #19)

Hello. Today I was able to update and test everything. Everything is working fine.
[Bug 223835] BGP session not established with md5 password via FRRouting
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #36 from Felipe N. Oliva ---
(In reply to Andrey V. Elsukov from comment #35)

Of course and thank you. Do I need to use the SA from IPSec too or with your patch I can use on openbgpd configuration?
[Bug 223835] BGP session not established with md5 password via FRRouting
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #35 from Andrey V. Elsukov ---
Created attachment 191795
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=191795=edit
patch to net/openbgpd port

I looked at the openbgpd code from ports. The port has a wrong patch, because of which openbgpd doesn't enable the TCP_MD5SIG option for used sockets and thus MD5 signatures don't work.
Can you replace files/patch-bgpd_session.c with the attached file and rebuild openbgpd, then test again?
[Bug 223835] BGP session not established with md5 password via FRRouting
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #34 from Andrey V. Elsukov ---
> (In reply to Felipe N. Oliva from comment #31)
> > netstat -sp tcp | grep sig
> > 0 packets with matching signature received
> > 0 packets with bad signature received
> > 0 times failed to make signature due to no SA
> > 0 times unexpected signature received
> > 0 times no signature provided by segment
>
> It seems there were not any attempt to use TCP-MD5, probably you need to
> properly configure your BGP daemon.
>

When an application wants to use TCP-MD5 signatures, it uses the TCP_MD5SIG socket option to enable this feature. When a socket has this feature enabled and no SAs are present, or the option is enabled and TCP segments do not have such an option, there will be some counters incremented. In your case the application did not enable this socket option, this is why I think about wrong configuration.
[Bug 223835] BGP session not established with md5 password via FRRouting
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #33 from Felipe N. Oliva ---
(In reply to Andrey V. Elsukov from comment #32)

pfSense with problem too.
https://redmine.pfsense.org/issues/7969
[Bug 223835] BGP session not established with md5 password via FRRouting
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #32 from Andrey V. Elsukov ---
(In reply to Felipe N. Oliva from comment #31)
> (In reply to Andrey V. Elsukov from comment #30)
> I will try with TSO/LRO.
> Interface: ix (intel 10g)
> Doesn't work with ipv4 and ipv6.
>
> netstat -sp tcp | grep sig
> 0 packets with matching signature received
> 0 packets with bad signature received
> 0 times failed to make signature due to no SA
> 0 times unexpected signature received
> 0 times no signature provided by segment

It seems there were not any attempt to use TCP-MD5, probably you need to properly configure your BGP daemon.

> FreeBSD 10.3 was working with only one direction. Did anything change?

Yes.
[Bug 223835] BGP session not established with md5 password via FRRouting
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #31 from Felipe N. Oliva ---
(In reply to Andrey V. Elsukov from comment #30)

I will try with TSO/LRO.
Interface: ix (intel 10g)
Doesn't work with ipv4 and ipv6.

netstat -sp tcp | grep sig
0 packets with matching signature received
0 packets with bad signature received
0 times failed to make signature due to no SA
0 times unexpected signature received
0 times no signature provided by segment

/etc/ipsec.conf:
add -4 187.16.216.55 tcp 0x1000 -A tcp-md5 ""; # GOOGLE
add -4 187.16.216.55 tcp 0x1000 -A tcp-md5 ""; # GOOGLE
add -4 187.16.218.58 tcp 0x1000 -A tcp-md5 ""; # GOOGLE
add -4 187.16.218.58 tcp 0x1000 -A tcp-md5 ""; # GOOGLE
add -6 2001:12f8::55 tcp 0x1000 -A tcp-md5 ""; # GOOGLE
add -6 2001:12f8::55 tcp 0x1000 -A tcp-md5 ""; # GOOGLE
add -6 2001:12f8::218:58 tcp 0x1000 -A tcp-md5 ""; # GOOGLE
add -6 2001:12f8::218:58 tcp 0x1000 -A tcp-md5 ""; # GOOGLE

setkey -D
[Bug 223835] BGP session not established with md5 password via FRRouting
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #30 from Andrey V. Elsukov ---
(In reply to Felipe N. Oliva from comment #29)
> (In reply to Andrey V. Elsukov from comment #28)
> Yes, here is 11.1-STABLE r329758.
>
> interface:
> vlan1977: flags=8843 metric 0 mtu
> 1500
> options=600703
>
> kernel:
> options IPSEC
> options TCP_SIGNATURE
> device crypto

Did you try to disable rx/txcsum? What interface is used as parent for vlans?
Does IPv6 work for you but IPv4 doesn't?
What does `netstat -sp tcp | grep sig` show?
Does setkey -D show SAs for both directions?
[Bug 223835] BGP session not established with md5 password via FRRouting
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #29 from Felipe N. Oliva ---
(In reply to Andrey V. Elsukov from comment #28)

Yes, here is 11.1-STABLE r329758.

interface:
vlan1977: flags=8843 metric 0 mtu 1500
options=600703

kernel:
options IPSEC
options TCP_SIGNATURE
device crypto
[Bug 223835] BGP session not established with md5 password via FRRouting
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #28 from Andrey V. Elsukov ---
(In reply to Felipe N. Oliva from comment #26)
> (In reply to Olivier Cochard from comment #21)
> Oliver, your problem is only without TSO/LRO?
> I have the same problem, but TSO/LRO enabled in 11.1-p6 and
> 11.1-stable(r329156).
> My environment is with openbgp.

Felipe, is it still a problem for you?
[Bug 223835] BGP session not established with md5 password via FRRouting
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #27 from commit-h...@freebsd.org ---
A commit references this bug:

Author: ae
Date: Sun Feb 18 11:36:46 UTC 2018
New revision: 329518
URL: https://svnweb.freebsd.org/changeset/base/329518

Log:
  MFC r329101:
    Reinitialize IP header length after checksum calculation. It is used
    later by TCP-MD5 code.

    This fixes the problem with broken TCP-MD5 over IPv4 when NIC has
    disabled TCP checksum offloading.

    PR: 223835

Changes:
_U  stable/11/
  stable/11/sys/netinet/tcp_input.c
[Bug 223835] BGP session not established with md5 password via FRRouting
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #26 from Felipe N. Oliva ---
(In reply to Olivier Cochard from comment #21)

Oliver, your problem is only without TSO/LRO?
I have the same problem, but TSO/LRO enabled in 11.1-p6 and 11.1-stable(r329156).
My environment is with openbgp.
[Bug 223835] BGP session not established with md5 password via FRRouting
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #25 from commit-h...@freebsd.org ---
A commit references this bug:

Author: ae
Date: Sat Feb 10 10:13:18 UTC 2018
New revision: 329101
URL: https://svnweb.freebsd.org/changeset/base/329101

Log:
  Reinitialize IP header length after checksum calculation. It is used
  later by TCP-MD5 code.

  This fixes the problem with broken TCP-MD5 over IPv4 when NIC has
  disabled TCP checksum offloading.

  PR: 223835
  MFC after: 1 week

Changes:
  head/sys/netinet/tcp_input.c
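Added example, not FreeBSD kernel code and not part of the original thread: a user-space model of the RFC 2385 digest showing why a stale IP header length makes a correctly signed segment count as a bad signature. Assumptions: the receiver derives the TCP segment length as IP total length minus IP header length, the stale header length is modelled as 0, and the addresses, ports and key are constructed.

```python
import hashlib
import hmac
import socket
import struct

MD5_OPT = bytes([1, 1, 19, 18])  # NOP, NOP, kind 19 (MD5 signature), length 18


def rfc2385_digest(src, dst, segment, key, seg_len):
    """MD5 over, in RFC 2385 order: pseudo-header, 20-byte TCP header with
    the checksum zeroed (options excluded), segment data, then the key."""
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, seg_len))
    base_hdr = segment[:16] + b"\x00\x00" + segment[18:20]
    data = segment[(segment[12] >> 4) * 4:]
    return hashlib.md5(pseudo + base_hdr + data + key).digest()


def build_signed_syn(src, dst, sport, dport, seq, key):
    """Sender side: a SYN whose only option is the TCP-MD5 signature."""
    doff = (20 + len(MD5_OPT) + 16) // 4
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, doff << 4, 0x02,
                      65535, 0, 0)  # checksum left 0; the digest ignores it
    unsigned = hdr + MD5_OPT + bytes(16)
    digest = rfc2385_digest(src, dst, unsigned, key, len(unsigned))
    return hdr + MD5_OPT + digest


def md5_option(segment):
    """Return the 16-byte digest carried in the TCP options, or None."""
    opts, i = segment[20:(segment[12] >> 4) * 4], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:            # end of option list
            break
        if kind == 1:            # NOP padding
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:
            return None          # malformed option length
        if kind == 19 and opts[i + 1] == 18 and i + 18 <= len(opts):
            return opts[i + 2:i + 18]
        i += opts[i + 1]
    return None


def verify(ip_total_len, ip_hl_words, src, dst, segment, key):
    """Receiver model (assumption): the segment length in the pseudo-header
    is IP total length minus IP header length; then digests are compared."""
    received = md5_option(segment)
    if received is None:
        return False
    seg_len = ip_total_len - ip_hl_words * 4
    expected = rfc2385_digest(src, dst, segment, key, seg_len)
    return hmac.compare_digest(received, expected)


# Constructed sample: documentation addresses, BGP port 179, placeholder key.
SRC, DST, KEY = "192.0.2.1", "192.0.2.2", b"some_password"
SEGMENT = build_signed_syn(SRC, DST, 54321, 179, 0x1000, KEY)
IP_TOTAL_LEN = 20 + len(SEGMENT)

if __name__ == "__main__":
    print("intact header length :", verify(IP_TOTAL_LEN, 5, SRC, DST, SEGMENT, KEY))
    print("stale header length 0:", verify(IP_TOTAL_LEN, 0, SRC, DST, SEGMENT, KEY))
    print("wrong key            :", verify(IP_TOTAL_LEN, 5, SRC, DST, SEGMENT, b"other"))
```

A packet capture of this segment looks valid in all three cases, which matches the observation in comment #16 that pcap dumps are fine while the bad-signature counter grows.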
[Bug 223835] BGP session not established with md5 password via FRRouting
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #24 from Marek Zarychta ---
Thank you for the patch. I also confirm that it fixes the issue on 11.1-STABLE for inet4. This with "options IPSEC_SUPPORT" default in GENERIC is going to make upcoming 11.2 the most TCP-MD5-friendly FreeBSD release ever.
[Bug 223835] BGP session not established with md5 password via FRRouting
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

Felipe N. Oliva changed:

           What    |Removed |Added
         ----------+--------+-------
                 CC|        |fel...@felipeoliva.eti.br

--- Comment #23 from Felipe N. Oliva ---
(In reply to Olivier Cochard from comment #21)

I have the same problem, but with OpenBGPd. I will try the patch!

Thanks,
[Bug 223835] BGP session not established with md5 password via FRRouting
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #21 from Olivier Cochard ---
Thanks for this patch!
It fixes my problem (applied on -stable):

[root@router]~# netstat -ss | grep sign
40 packets with matching signature received

and now my inet4 TCP MD5 works:

[root@router]~# birdcl
BIRD 2.0.1 ready.
bird> show protocol R2inet4
Name       Proto      Table      State  Since         Info
R2inet4    BGP        ---        up     15:58:36.337  Established
[Bug 223835] BGP session not established with md5 password via FRRouting
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

Rodney W. Grimes changed:

           What    |Removed |Added
         ----------+--------+-------
                 CC|        |freebsd-net@FreeBSD.org
[Bug 223835] BGP session not established with md5 password via FRRouting
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

Andrey V. Elsukov changed:

           What    |Removed                 |Added
         ----------+------------------------+----------------
           Assignee|freebsd-net@FreeBSD.org |a...@freebsd.org

--- Comment #19 from Andrey V. Elsukov ---
Created attachment 190461
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=190461=edit
Proposed patch

Can you try this patch?
[Bug 223835] BGP session not established with md5 password via FRRouting
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #18 from Andrey V. Elsukov ---
(In reply to Olivier Cochard from comment #17)
> I've got the same problem regarding my inet4 BGP sessions using MD5 on all
> my bhyve and virtualbox virtual lab (using vtnet and em interface).
> I don't have the problem regarding inet6 BGP session using MD5 on the same
> labs.
> Can bug be related to my problems?

Probably it is not related to drivers, I'll check this a bit later.
[Bug 223835] BGP session not established with md5 password via FRRouting
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

Olivier Cochard changed:

           What    |Removed |Added
         ----------+--------+-------
                 CC|        |oliv...@freebsd.org

--- Comment #17 from Olivier Cochard ---
I've got the same problem regarding my inet4 BGP sessions using MD5 on all my bhyve and virtualbox virtual lab (using vtnet and em interface).
I don't have the problem regarding inet6 BGP session using MD5 on the same labs.
Can bug be related to my problems?
[Bug 223835] BGP session not established with md5 password via FRRouting
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #16 from Marek Zarychta ---
The bug is strictly related to disabling RXCSUMs on NIC. Other Intel drivers em(4) and igb(4) reveal the same behaviour. I have not tested NICs from other vendors. In fact, pcap dumps taken on the interface show that everything is fine, but the counter of "packets with bad signature received" increases and the TCP handshake couldn't be established when using TCP MD5 signed packets.
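Added example, not part of the original thread: the counter-based diagnosis used in comments #32/#34 (all counters at zero) and comment #16 (bad-signature counter rising), written as a small parser for `netstat -sp tcp | grep sig` output. The finding codes and hint wording are this example's own, and the third sample is constructed.

```python
import re

# Counter labels as printed by `netstat -sp tcp | grep sig` in this thread.
COUNTERS = {
    "packets with matching signature received": "matching",
    "packets with bad signature received": "bad",
    "times failed to make signature due to no SA": "no_sa",
    "times unexpected signature received": "unexpected",
    "times no signature provided by segment": "missing",
}

# Error counters in reporting order, with this example's own finding codes.
ERRORS = [
    ("bad", "bad-signature"),
    ("no_sa", "missing-sa"),
    ("unexpected", "peer-signs-local-does-not"),
    ("missing", "local-signs-peer-does-not"),
]

HINTS = {
    "no-md5-activity": "No counter moved: the daemon did not enable "
                       "TCP_MD5SIG on its socket (comment #34).",
    "bad-signature": "Signed segments fail verification: compare the key on "
                     "both peers; with rxcsum disabled on IPv4, check that "
                     "the kernel includes r329101 (stable/11: r329518).",
    "missing-sa": "No SA matched an outgoing segment: check setkey -D for "
                  "SAs in both directions.",
    "peer-signs-local-does-not": "Segments arrive signed but the local "
                                 "socket does not expect signatures.",
    "local-signs-peer-does-not": "The local socket expects signatures but "
                                 "the peer's segments carry none.",
    "ok": "Signatures verify and no error counter moved.",
}


def parse_sig_counters(text):
    """Return {short_name: count} for the TCP-MD5 counters found in text."""
    counters = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(.*\S)\s*$", line)
        if not m:
            continue
        # Assumption: a count of 1 may be printed in the singular form.
        label = re.sub(r"^(packet|time)\b", r"\1s", m.group(2))
        if label in COUNTERS:
            counters[COUNTERS[label]] = int(m.group(1))
    return counters


def triage(after, before=None):
    """Classify a snapshot, or the change between two snapshots taken
    before and after a connection attempt."""
    before = before or {}
    delta = {n: after.get(n, 0) - before.get(n, 0) for n in COUNTERS.values()}
    if not any(delta.values()):
        return ["no-md5-activity"]
    findings = [code for name, code in ERRORS if delta[name] > 0]
    return findings or ["ok"]


# Sample 1: output quoted in comment #31. Sample 2: output from comment #21.
ALL_ZERO = """0 packets with matching signature received
0 packets with bad signature received
0 times failed to make signature due to no SA
0 times unexpected signature received
0 times no signature provided by segment"""
FIXED = "40 packets with matching signature received"
# Sample 3: constructed for this example.
BROKEN = """3 packets with matching signature received
12 packets with bad signature received
1 time failed to make signature due to no SA"""

if __name__ == "__main__":
    for name, sample in (("comment #31", ALL_ZERO), ("comment #21", FIXED),
                         ("constructed", BROKEN)):
        for code in triage(parse_sig_counters(sample)):
            print(f"{name}: {code}: {HINTS[code]}")
```

The counters are cumulative since boot, so on a long-running router pass a `before` snapshot to `triage` and judge only the difference.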
[Bug 223835] BGP session not established with md5 password via FRRouting
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

Alexey changed:

           What    |Removed   |Added
         ----------+----------+-------
         Resolution|Not A Bug |---
             Status|Closed    |Open

--- Comment #15 from Alexey ---
Device that has the bug: Intel® Ethernet X710-DA2

ixl0: mem 0xdd80-0xddff,0xde808000-0xde80 irq 17 at device 0.0 on pci2
ixl0: Using MSIX interrupts with 5 vectors
ixl0: fw 4.40.35115 api 1.4 nvm 4.53 etid 8000226b oem 1.268.0
ixl0: PF-ID[0]: VFs 64, MSIX 129, VF MSIX 5, QPs 768, I2C
ixl0: Allocating 4 queues for PF LAN VSI; 4 queues active
ixl0: Ethernet address: 68:05:ca:41:e8:18
ixl0: PCI Express Bus: Speed 8.0GT/s Width x8
ixl0: SR-IOV ready
queues is 0xf800067b1000

Tonight I will try to check the Intel® Ethernet X520-DA2 for this bug.
[Bug 223835] BGP session not established with md5 password via FRRouting
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

Andrey V. Elsukov changed:

           What    |Removed |Added
         ----------+--------+-------
                 CC|        |sbr...@freebsd.org
           Keywords|        |IntelNetworking
[Bug 223835] BGP session not established with md5 password via FRRouting
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #14 from Alexey ---
(In reply to Andrey V. Elsukov from comment #13)

What do I do in this case, reopen the issue?
[Bug 223835] BGP session not established with md5 password via FRRouting
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #13 from Andrey V. Elsukov ---
(In reply to Alexey from comment #12)
> I'm not sure if this is a bug. Maybe just for this fact must be mentioned
> in the documentation

I think it is driver's bug and driver should be fixed if it does not correctly support checksum offloading.
[Bug 223835] BGP session not established with md5 password via FRRouting
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

Alexey changed:

           What    |Removed         |Added
         ----------+----------------+--------------------
             Status|Open            |Closed
         Resolution|---             |Not A Bug
           Severity|Affects Only Me |Affects Many People

--- Comment #12 from Alexey ---
I'm not sure if this is a bug. Maybe just for this fact must be mentioned in the documentation
[Bug 223835] BGP session not established with md5 password via FRRouting
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

Alexey changed:

           What    |Removed   |Added
         ----------+----------+-------
         Resolution|Not A Bug |---
             Status|Closed    |Open

--- Comment #11 from Alexey ---
Maybe it's still a bug.
[Bug 223835] BGP session not established with md5 password via FRRouting
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

Alexey changed:

           What    |Removed |Added
         ----------+--------+----------
         Resolution|---     |Not A Bug
             Status|New     |Closed

--- Comment #10 from Alexey ---
Good night everybody.
The problem is solved. Many thanks to Marek Zarychta mailto:zarych...@plan-b.pwste.edu.pl for the help. He showed me a similar problem: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219453.
And indeed, the problem was that on the interface TX/RX checksums were disabled.
Now everything works with the following settings:

On interface ix0 or ixl0 or other, rxcsum txcsum must be turned ON (ifconfig ixl0 rxcsum txcsum)

At /etc/rc.conf:
ifconfig_ixl0="up -tso -lro -vlanhwtso" (I disabled only tso and lro)
ipsec_enable="YES"
ipsec_file="/etc/ipsec.conf"

At /etc/ipsec.conf:
flush;
add 185.1.62.241 185.1.62.69 tcp 0x1000 -A tcp-md5 "some_password";
add 185.1.62.69 185.1.62.241 tcp 0x1001 -A tcp-md5 "some_password";

On kernel you must add next:
options IPSEC # IP (v4/v6) security
options IPSEC_SUPPORT # Allow kldload of ipsec and tcpmd5
# The crypto framework is required by IPSEC
device crypto # Required by IPSEC
device cryptodev
options TCP_SIGNATURE

And you need to set a password for the neighbor on FRRouting, for example:
neighbor 185.1.62.69 password some_password

I think it's necessary to describe all this in documentation. This would be good, as this problem arises for many.
Or you can simply forget about it :)
Re: [Bug 223835] BGP session not established with md5 password via FRRouting
On Fri, Nov 24, 2017 at 01:36:41PM +, bugzilla-nore...@freebsd.org wrote:
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835
>
> Mark Linimon changed:
>
>            What    |Removed                  |Added
>          ----------+-------------------------+------------------------
>            Assignee|freebsd-b...@freebsd.org |freebsd-net@FreeBSD.org
>

Hi Alexey,

Some time ago I had a similar problem with TCP MD5 on a LAGG interface. It came out that the problem has nothing to do with LAGG. If the interfaces do not support TX/RX checksums in hardware, TCP MD5 signatures seem to be incorrect on 11.1-STABLE. It wasn't documented anywhere, I have changed NICs. See the original thread:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219453

Best regards,
--
Marek Zarychta
[Bug 223835] BGP session not established with md5 password via FRRouting
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #9 from Alexey ---
Created attachment 188240
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=188240=edit
TCPDUMP file for 185.1.62.69

I repeated the command: 'tcpdump -M some_password -i vlan62 -XXX -vvv -n host 185.1.62.69' and saved the data to a file for later analysis.
[Bug 223835] BGP session not established with md5 password via FRRouting
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

Mark Linimon changed:

           What    |Removed                  |Added
         ----------+-------------------------+------------------------
           Assignee|freebsd-b...@freebsd.org |freebsd-net@FreeBSD.org