Fwd: Bird / OpenBSD / BGP MD5 authentication walkthrough

Darren Marshall darren at tuff.org.uk
Thu Feb 23 14:00:20 CET 2017


Stuart,

I can confirm this is now working, once again thanks for your help.

Cheers daz

On 22 February 2017 at 15:37, Darren Marshall <darren at tuff.org.uk> wrote:

> Stuart,
>
> Brilliant, many thanks for your support, really appreciate it, as soon
> as I am able (busy racking kit today), I'll give it a shot and let you know
> the outcome.
>
> Cheers daz
>
> On 22 February 2017 at 14:47, Stuart Henderson <stu at spacehopper.org>
> wrote:
>
>> On 2017/02/22 14:10, Darren Marshall wrote:
>> > Hi Stuart,
>> >
>> > Thanks for the info, not exactly what I was hoping to hear! I wonder
>> > why your tests configuring outside of Bird didn't work? Would you mind
>> > sharing your sample /etc/ipsec.conf file?
>> >
>> > You are right, it is inconvenient having to configure the keys outside
>> > of Bird, but right now I'd settle for that if I can get a working
>> > neighborship using MD5 auth!
>>
>> Aha: I've figured out a bit more, and got it to actually connect.
>> The bit I was missing: bird.conf still needs to have "password" set in
>> the config, though the actual value isn't used.
>>
>> ipsec.conf format is like this:
>>
>>    tcpmd5 from 192.0.2.1 to 192.0.2.2 spi 0xe1234567:0xf1234567 \
>>         authkey 6d656b6d697461736469676f6174:6d656b6d697461736469676f6174
>>
>> The SPI numbers need to be unique on the system, two different ones need
>> to be given, one for each direction. The key also needs to be repeated
>> for both directions. (So, 2x different values for SPI, 2x same for key).
>>
>> As I mentioned, ipsecctl only allows setting a hex key. This is just the
>> ASCII characters converted to hex; you can convert like this:
>>
>> $ echo -n mekmitasdigoat | hexdump -e '/1 "%02x"'; echo
>> 6d656b6d697461736469676f6174
>>
>>
>
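
The steps described in the quoted reply, as an added shell example that is not from the thread or from the BIRD or OpenBSD projects: it converts the ASCII password to hex (with `od` rather than `hexdump`, for portability) and emits the `tcpmd5` rule with two distinct SPIs and the key repeated for both directions. The function names are hypothetical, the SPI format check (`0x` plus up to eight hex digits) is an assumption, and the addresses, SPIs and password are the thread's sample values.

```shell
#!/bin/sh
# Added example: build an OpenBSD ipsec.conf tcpmd5 rule for a BGP session.
# Function names are hypothetical; sample values are taken from the thread.

# ascii_to_hex STRING -> lowercase hex of the bytes, no separators.
# -v stops od from collapsing repeated lines into "*" for long keys.
ascii_to_hex() {
    printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n'
}

# is_spi VALUE -> success if VALUE is 0x followed by 1..8 hex digits
# (assumed format for a 32-bit SPI).
is_spi() {
    case "$1" in
        0x*) ;;
        *) return 1 ;;
    esac
    digits=${1#0x}
    [ -n "$digits" ] && [ "${#digits}" -le 8 ] || return 1
    case "$digits" in
        *[!0-9a-fA-F]*) return 1 ;;
    esac
    return 0
}

# tcpmd5_rule SRC DST SPI_A SPI_B PASSWORD -> prints the ipsec.conf rule.
tcpmd5_rule() {
    src=$1 dst=$2 spi_a=$3 spi_b=$4 pass=$5
    is_spi "$spi_a" && is_spi "$spi_b" || { echo "bad SPI" >&2; return 1; }
    # Compare numerically so 0xE1234567 and 0xe1234567 count as the same SPI.
    [ "$(($spi_a))" -ne "$(($spi_b))" ] || { echo "SPIs must differ" >&2; return 1; }
    [ -n "$pass" ] || { echo "empty password" >&2; return 1; }
    key=$(ascii_to_hex "$pass")
    # Two different SPIs, the same key given once per direction.
    printf 'tcpmd5 from %s to %s spi %s:%s \\\n\tauthkey %s:%s\n' \
        "$src" "$dst" "$spi_a" "$spi_b" "$key" "$key"
}

# Sample run with the values from the thread.
tcpmd5_rule 192.0.2.1 192.0.2.2 0xe1234567 0xf1234567 mekmitasdigoat
```

Per the thread, bird.conf still needs "password" set for the neighbor even though the actual value isn't used.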