RIP with MD5 authentication
Alexander Velkov
alvel85 at googlemail.com
Thu Jun 23 11:41:18 CEST 2016
Hello,
I have some issues with configuring RIP 'authentication'.
I connect a bird v1.6.0 running on an ARM machine with a quagga v0.99.23.1
on a 64-bit Ubuntu 14.04 machine.
*Plaintext* (authentication plaintext):
ERROR - bird writes an erroneous auth error msg.
The two peers connect successfully and exchange routes, but bird writes an
auth error msg -
'bird: RIP: Authentication failed for 172.16.0.9 on eth0 - wrong password (0)'
Maybe a variable was not correctly set at init?
-- bird.config:
...
protocol rip RIP {
    debug all;
    interface "eth0" {
        ...
        authentication plaintext;
        password "test";
    };
-- bird log:
...
Jun 22 15:21:34 AVILA debug bird: RIP: New neighbor 172.16.0.9 on eth0
Jun 22 15:21:34 AVILA err bird: RIP: Authentication failed for 172.16.0.9 on eth0 - wrong password (0)
Jun 22 15:21:35 AVILA debug bird: RIP: Interface timer fired for eth0
Jun 22 15:21:35 AVILA debug bird: RIP: Sending triggered updates for eth0
Jun 22 15:21:35 AVILA debug bird: RIP: Sending response via eth0
Jun 22 15:21:35 AVILA debug bird: RIP: Response received from 172.16.0.9 on eth0
Jun 22 15:21:35 AVILA debug bird: RIP > added 10.0.4.0/24 via 172.16.0.9 on eth0
Jun 22 15:21:35 AVILA debug bird: RIP > added [best] 10.10.11.0/24 via 172.16.0.9 on eth0
Jun 22 15:21:35 AVILA info bird: net accepted:10.10.11.0/24
Jun 22 15:21:35 AVILA debug bird: RIP < added 10.10.11.0/24 via 172.16.0.9 on eth0
-- quagga.config:
...
ip rip authentication string test
-- quagga log:
2016/06/22 17:25:22 RIP: RECV packet from 172.16.0.4 port 520 on eth1
2016/06/22 17:25:22 RIP: RECV RESPONSE version 2 packet size 84
2016/06/22 17:25:22 RIP: family 0xFFFF type 2 auth string: test
2016/06/22 17:25:22 RIP: 10.2.4.1/32 -> 0.0.0.0 family 2 tag 0 metric 1
2016/06/22 17:25:22 RIP: 10.0.4.0/24 -> 0.0.0.0 family 2 tag 0 metric 1
2016/06/22 17:25:22 RIP: 172.16.0.0/24 -> 0.0.0.0 family 2 tag 0 metric 1
2016/06/22 17:25:22 RIP: RIPv2 simple password authentication from 172.16.0.4
2016/06/22 17:25:22 RIP: RIPv2 simple authentication success
...
*Cryptographic* (authentication cryptographic):
ERROR 1 - Peers cannot connect with "id 0".
The ripd keychain allows setting 'key 0' but bird does not - error
'Password ID has to be greated than zero.'
If I omit the id parameter (passwords{password "secret"; password
'secret2'; password 'secret 3'}), then the peer authentication is not
successful.
ERROR 2 - On successful md5 authentication (using different keys), bird
again writes false error messages.
-- bird.config:
...
protocol rip RIP {
    debug all;
    interface "eth0" {
        ...
        authentication cryptographic;
        passwords {
            password "secret" {id 0;};
            password "secret2" {id 1;};
            password "secret3" {id 2;};
        };
    };
-- quagga.config:
...
key chain kChain1
 key 0
  key-string secret
 key 1
  key-string secret2
 key 2
  key-string secret3
interface eth1
 ip rip authentication mode md5
 ip rip authentication key-chain kChain1
-- quagga log (bird config without setting 'id' param):
...
2016/06/23 11:21:54 RIP: RECV packet from 172.16.0.4 port 520 on eth1
2016/06/23 11:21:54 RIP: RECV RESPONSE version 2 packet size 104
2016/06/23 11:21:54 RIP: family 0xFFFF type 3 (MD5 authentication)
2016/06/23 11:21:54 RIP: RIP-2 packet len 84 Key ID 1 Auth Data len 20
2016/06/23 11:21:54 RIP: Sequence Number 1466674388
2016/06/23 11:21:54 RIP: 10.2.4.1/32 -> 0.0.0.0 family 2 tag 0 metric 1
2016/06/23 11:21:54 RIP: 10.0.4.0/24 -> 0.0.0.0 family 2 tag 0 metric 1
2016/06/23 11:21:54 RIP: 172.16.0.0/24 -> 0.0.0.0 family 2 tag 0 metric 1
2016/06/23 11:21:54 RIP: family 0xFFFF type 1 (MD5 data)
2016/06/23 11:21:54 RIP: MD5: E8F8C8C6B6911BB9D7F4983261C5DC
2016/06/23 11:21:54 RIP: RIPv2 MD5 authentication from 172.16.0.4
2016/06/23 11:21:54 RIP: RIPv2 MD5 authentication failure
Best regards,
Alexander Velkov
On Thu, Nov 12, 2015 at 7:23 PM, Alexander Velkov <alvel85 at googlemail.com>
wrote:
> ok great, thank you for your answer!
>
> On Thu, Nov 12, 2015 at 7:01 PM, Ondrej Zajicek <santiago at crfreenet.org>
> wrote:
>
>> On Thu, Nov 12, 2015 at 05:25:18PM +0100, Alexander Velkov wrote:
>> > Hi Ondrej,
>> >
>> > thank you for your reply!
>> >
>> > When is this branch planned to be integrated to main?
>>
>> I guess we will release a new version of BIRD containing RIP from rip-new
>> branch during 2015-12 or 2016-01.
>>
>> --
>> Elen sila lumenn' omentielvo
>>
>> Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
>> OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
>> "To err is human -- to blame it on a computer is even more so."
>>
>
>
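
Added example, not part of the original message and not BIRD or Quagga code: a minimal RIPv2 keyed-MD5 (RFC 2082) builder and verifier that reproduces the 104-byte packet from the Quagga log and shows how a Key ID that selects different secrets on the two peers ends in an authentication failure. Function names are hypothetical, and the idea that the sender numbers un-numbered passwords from 1 is an assumption drawn from the "Key ID 1" log line.

```python
import hashlib, hmac, socket, struct

def pad_key(secret):
    # Keyed MD5 uses a fixed 16-byte key: the string truncated or zero-padded.
    return secret.encode()[:16].ljust(16, b"\0")

def build(secret, key_id, seq, routes):
    """Build a RIPv2 response carrying an RFC 2082 MD5 trailer."""
    body = b"".join(
        struct.pack("!HH4s4s4sI", 2, 0, socket.inet_aton(net),
                    socket.inet_aton(mask), bytes(4), metric)
        for net, mask, metric in routes)
    pkt_len = 4 + 20 + len(body)  # header + auth entry + routes ("packet len")
    auth = struct.pack("!HHHBBI8x", 0xFFFF, 3, pkt_len, key_id, 20, seq)
    signed = (struct.pack("!BBH", 2, 2, 0) + auth + body
              + struct.pack("!HH", 0xFFFF, 1))  # trailer marker, "type 1"
    # Digest covers everything up to the trailer marker, followed by the key.
    return signed + hashlib.md5(signed + pad_key(secret)).digest()

def verify(packet, keychain):
    """Classify a received packet: ok / unknown key id / digest mismatch."""
    if len(packet) < 24:
        return "malformed"
    family, atype, pkt_len, key_id = struct.unpack("!HHHB", packet[4:11])
    if (family, atype) != (0xFFFF, 3) or len(packet) < pkt_len + 20:
        return "malformed"
    if key_id not in keychain:
        return "unknown key id"
    signed, digest = packet[:pkt_len + 4], packet[pkt_len + 4:pkt_len + 20]
    expect = hashlib.md5(signed + pad_key(keychain[key_id])).digest()
    return "ok" if hmac.compare_digest(digest, expect) else "digest mismatch"

# Routes, sequence number and key chain as shown in the post.
ROUTES = [("10.2.4.1", "255.255.255.255", 1), ("10.0.4.0", "255.255.255.0", 1),
          ("172.16.0.0", "255.255.255.0", 1)]
SEQ = 1466674388
QUAGGA_KEYS = {0: "secret", 1: "secret2", 2: "secret3"}

def scenarios():
    # ASSUMPTION: without explicit ids the sender numbers its passwords from 1,
    # so "secret" goes out as Key ID 1 (the log shows Key ID 1, not the secret).
    unnumbered = build("secret", 1, SEQ, ROUTES)
    return {
        "as posted": verify(unnumbered, QUAGGA_KEYS),
        "ids aligned at 1..3": verify(unnumbered, {1: "secret", 2: "secret2", 3: "secret3"}),
        "id absent on receiver": verify(build("secret3", 3, SEQ, ROUTES), QUAGGA_KEYS),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

Under that assumption, numbering the keys identically on both peers and starting at 1 (since bird rejects id 0) is the configuration in which the digests agree.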