Potential OSPF authentication issues with Mikrotik routers

Kees Meijs | Nefos kees at nefos.nl
Fri Jan 13 18:59:35 CET 2023


Hi Theera,

We're using Mikrotik extensively as well, in combination with BIRD2.

In RouterOS 7 there's been quite some work done on OSPF specifically. 
The latest release 7.7 (see 
https://mikrotik.com/download/changelogs/stable) incorporates some fixes 
for yet more bugs in this context.

Apart from BIRD configuration, I would suggest upgrading to RouterOS 
7.6 at least or even better 7.7.

Cheers,
Kees

On 13-01-2023 18:11, Theera Kittichareonpot wrote:
> Hello,
>
> I am very new to Bird so I could be doing something wrong. But it 
> seems Bird 2.0.11 could have compatibility issues with Mikrotik 
> routers when OSPF authentication is used.
>
> When simple authentication is used, the neighbor state stays at Init 
> and doesn't change at all.
>
> When cryptographic password is used, the Mikrotik router gave errors 
> about wrong SA/SP id: "ospf-instance-1 { version: 2 router-id: 
> 192.168.120.1 } ospf-area-1 { 0.0.0.0 } interface { instance-id: 5 
>  broadcast 192.168.10.1%br-lan } authentication failed from 
> 192.168.10.197 wrong SA ID". I've tried md5, sha256 and sha512, but all 
> gave the same error.
>
> Kindly let me know if I did something wrong or what additional info is 
> needed. Thank you.
>
> The following is my bird.conf:
>
> log syslog all;
> #debug protocols all;
>
> #router id 192.168.10.197;
>
> ipv4 table master4;
>
> protocol device {
> }
>
> protocol direct direct4 {
>       ipv4; # Connect to default IPv4 table
> }
>
> protocol kernel kernel4 {
>       ipv4 {
>             import all;
>             export all;
>       };
> }
>
> protocol static static4 {
>       ipv4;
> }
>
> protocol ospf v2 ospf4 {
>       instance id 5; # set to the same as other routers'
>       ipv4 {
>             import all;
>             export all;
>       };
>
>       area 0 {
>             interface "eth0" {
>                   type broadcast;
>                   hello 10; # same as other routers'
>                   retransmit 5;
>                   transmit delay 1;
>                   dead 40;
>
>                   # simple authentication doesn't work with Mikrotik either.
>                   # The state stays at Init and doesn't change at all.
>                   #authentication simple;
>                   #password "12345678";
>
>                   # cryptographic password doesn't seem to work with
>                   # Mikrotik too; got errors about wrong SA/SP id
>                   #authentication cryptographic;
>                   #password "12345678" { algorithm hmac sha512; };
>             };
>       };
> }
>
>
> Theera K.
>
>
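
For comparing what each router actually sends when OSPF authentication fails, this added example (not part of the thread, and not BIRD or RouterOS code) decodes the OSPFv2 header fields both neighbours must agree on, using the RFC 2328 layout with the RFC 6549 Instance ID byte. The sample header and the expected peer settings are constructed, and treating the "SA ID" in the RouterOS message as the header's Key ID is an assumption.

```python
import socket
import struct

# OSPFv2 header, 24 bytes (RFC 2328 A.3.1). RFC 6549 splits the former
# 16-bit AuType into Instance ID (1 byte) + AuType (1 byte).
OSPF_HDR = struct.Struct("!BBH4s4sHBB8s")
AUTYPES = {0: "null", 1: "simple", 2: "cryptographic"}

def parse_ospfv2_header(pkt: bytes) -> dict:
    """Decode the fields both neighbours must agree on before adjacency."""
    if len(pkt) < OSPF_HDR.size:
        raise ValueError("truncated OSPFv2 header")
    ver, ptype, length, rid, area, cksum, inst, autype, auth = OSPF_HDR.unpack_from(pkt)
    if ver != 2:
        raise ValueError(f"not OSPFv2 (version {ver})")
    hdr = {
        "type": ptype, "length": length,
        "router_id": socket.inet_ntoa(rid),
        "area_id": socket.inet_ntoa(area),
        "instance_id": inst,
        "autype": AUTYPES.get(autype, f"unknown({autype})"),
    }
    if autype == 2:
        # RFC 2328 D.3: 2 zero bytes, Key ID, Auth Data Len, sequence number
        _, key_id, auth_len, seq = struct.unpack("!HBBI", auth)
        hdr.update(key_id=key_id, auth_data_len=auth_len, crypto_seq=seq)
    return hdr

def auth_mismatches(hdr: dict, expected: dict) -> list:
    """Names of fields where the packet differs from the peer's settings."""
    return sorted(k for k, v in expected.items() if hdr.get(k) != v)

# Constructed sample header (not a capture from the thread): Hello from
# 192.168.10.197, area 0.0.0.0, instance 5, cryptographic auth, Key ID 1,
# 64-byte digest (HMAC-SHA-512 output size).
SAMPLE = OSPF_HDR.pack(2, 1, 44, socket.inet_aton("192.168.10.197"),
                       socket.inet_aton("0.0.0.0"), 0, 5, 2,
                       struct.pack("!HBBI", 0, 1, 64, 0x63C19AD7))

# Hypothetical settings on the receiving router, for comparison.
EXPECTED = {"instance_id": 5, "autype": "cryptographic",
            "key_id": 2, "auth_data_len": 64}

if __name__ == "__main__":
    hdr = parse_ospfv2_header(SAMPLE)
    print(hdr)
    print("mismatched fields:", auth_mismatches(hdr, EXPECTED))
```

A router that reads bytes 14-15 as a single 16-bit AuType would see the same header differently, so the Instance ID byte is worth checking alongside the Key ID.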