BGP, FreeBSD and password

Alexander V. Chernikov melifaro at ipfw.ru
Mon Aug 22 07:56:27 CEST 2011


fredrik danerklint wrote:
> Hi!
> 
> The manual page says:
> 
> password string
> Use this password for MD5 authentication of BGP sessions. Default: no 
> authentication. Password has to be set by external utility (e.g. setkey(8)) on 
> BSD systems. 
> 
> Can someone provide me with an example of how that works?
> 
Presently you need to add

options         TCP_SIGNATURE
options         IPSEC
device          crypto

to your kernel configuration.

After that, TCP MD5 can be configured on a per-host basis:


9:55 [1] zfscurr0# echo add 10.0.0.92 10.0.0.5 tcp 0x1000 -A tcp-md5 \"secret\" \; | setkey -c
9:55 [1] zfscurr0# setkey -D
10.0.0.92 10.0.0.5
        tcp mode=any spi=4096(0x00001000) reqid=0(0x00000000)
        A: tcp-md5  73656372 6574
        seq=0x00000000 replay=0 flags=0x00000040 state=mature
        created: Aug 22 09:55:06 2011   current: Aug 22 09:55:12 2011
        diff: 6(s)      hard: 0(s)      soft: 0(s)
        last:                           hard: 0(s)      soft: 0(s)
        current: 0(bytes)       hard: 0(bytes)  soft: 0(bytes)
        allocated: 0    hard: 0 soft: 0
        sadb_seq=0 pid=1005 refcnt=1


Please see setkey(8) for more information.
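An added example, not part of the original message: a Python check that parses `setkey -D` output like the dump above and confirms that the tcp-md5 SA for a peer matches the BGP password. The `A:` line holds the key in hex (73656372 6574 is "secret"); the function names and the trimmed sample are constructed for illustration, and the expected SPI defaults to the 0x1000 used in the message.

```python
import hmac
import re

# Constructed sample: the `setkey -D` dump from the message above, counters trimmed.
SAMPLE_DUMP = """\
10.0.0.92 10.0.0.5
        tcp mode=any spi=4096(0x00001000) reqid=0(0x00000000)
        A: tcp-md5  73656372 6574
        seq=0x00000000 replay=0 flags=0x00000040 state=mature
"""

HEADER = re.compile(r"^(\S+)\s+(\S+)\s*$")            # "src dst" at column 0
SPI = re.compile(r"\bspi=\d+\(0x([0-9a-fA-F]+)\)")
AUTH = re.compile(r"^\s+A:\s+(\S+)\s+([0-9a-fA-F ]+?)\s*$")
STATE = re.compile(r"\bstate=(\w+)")


def parse_sad(dump):
    """Parse `setkey -D` text into dicts with src, dst, spi, alg, key, state."""
    entries, cur = [], None
    for line in dump.splitlines():
        if line and not line[0].isspace():            # unindented line starts an SA
            m = HEADER.match(line)
            cur = {"src": m.group(1), "dst": m.group(2)} if m else None
            if cur is not None:
                entries.append(cur)
        elif cur is not None:
            if m := SPI.search(line):
                cur["spi"] = int(m.group(1), 16)
            if m := AUTH.match(line):
                cur["alg"] = m.group(1)
                cur["key"] = bytes.fromhex(m.group(2).replace(" ", ""))
            if m := STATE.search(line):
                cur["state"] = m.group(1)
    return entries


def check_peer(entries, src, dst, password, spi=0x1000):
    """Return problems with the src->dst tcp-md5 SA; an empty list means it matches."""
    sas = [e for e in entries
           if (e["src"], e["dst"]) == (src, dst) and e.get("alg") == "tcp-md5"]
    if not sas:
        return [f"no tcp-md5 SA for {src} -> {dst}"]
    sa, problems = sas[0], []
    if sa.get("spi") != spi:
        problems.append(f"spi is {sa.get('spi')!r}, expected {spi:#x}")
    if sa.get("state") != "mature":
        problems.append(f"state is {sa.get('state')!r}, expected 'mature'")
    if not hmac.compare_digest(sa.get("key", b""), password.encode()):
        problems.append("key differs from the configured BGP password")
    return problems
```

Because the dump carries the key itself, `check_peer` reports findings without echoing the key, so its output can go into logs or tickets where the raw `setkey -D` text should not.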



More information about the Bird-users mailing list