BGP, FreeBSD and password

Alexander V. Chernikov melifaro at ipfw.ru
Mon Aug 22 16:54:46 CEST 2011 

On 22.08.2011 16:42, fredrik danerklint wrote:
> So it doesn't matter what I put in in the password field as long as I'm using
> setkey's, right?
It needs to be any non-empty string.

Not sure if this is sufficient condition, though.

>
>> On 22.08.2011 16:10, fredrik danerklint wrote:
>>> ok. I think I've got that part.
>>>
>>> But what do I put in the password field in the configuration of the bgp
>>> in bird?
>>
>> Any non-empty string should be fine.
>>
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA1
>>>>
>>>> fredrik danerklint wrote:
>>>>> Hi!
>>>>>
>>>>> The manual page says:
>>>>>
>>>>> password string
>>>>> Use this password for MD5 authentication of BGP sessions. Default: no
>>>>> authentication. Password has to be set by external utility (e.g.
>>>>> setkey(8)) on BSD systems.
>>>>>
>>>>> Can someone provide me with an example of how that does work?
>>>>
>>>> Presently you need to add
>>>> options         TCP_SIGNATURE
>>>> options         IPSEC
>>>> device          crypto
>>>>
>>>> to your kernel configuration
>>>>
>>>> After that, TCP MD5 can be configured on per-host basis:
>>>>
>>>>
>>>> 9:55 [1] zfscurr0# echo add 10.0.0.92 10.0.0.5 tcp 0x1000 -A tcp-md5
>>>> \"secret\" \; | setkey -c
>>>> 9:55 [1] zfscurr0# setkey -D
>>>> 10.0.0.92 10.0.0.5
>>>>
>>>>           tcp mode=any spi=4096(0x00001000) reqid=0(0x00000000)
>>>>           A: tcp-md5  73656372 6574
>>>>           seq=0x00000000 replay=0 flags=0x00000040 state=mature
>>>>           created: Aug 22 09:55:06 2011   current: Aug 22 09:55:12 2011
>>>>           diff: 6(s)      hard: 0(s)      soft: 0(s)
>>>>           last:                           hard: 0(s)      soft: 0(s)
>>>>           current: 0(bytes)       hard: 0(bytes)  soft: 0(bytes)
>>>>           allocated: 0    hard: 0 soft: 0
>>>>           sadb_seq=0 pid=1005 refcnt=1
>>>>
>>>> Please see setkey(8) for more information
>>>> -----BEGIN PGP SIGNATURE-----
>>>> Version: GnuPG v2.0.14 (FreeBSD)
>>>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>>>>
>>>> iEYEARECAAYFAk5R74sACgkQwcJ4iSZ1q2nQBwCggHj3/NUKoQ6wvSBfQHcKnHAX
>>>> 6D8AoKBwKBA8fvHGZDBZ3IrT8+kIduqr
>>>> =14zM
>>>> -----END PGP SIGNATURE-----
>

More information about the Bird-users mailing list