Potential OSPF authentication issues with Mikrotik routers
Kees Meijs | Nefos
kees at nefos.nl
Fri Jan 13 18:59:35 CET 2023
Hi Theera,
We're using Mikrotik extensively as well, in combination with BIRD2.
In RouterOS 7 there's been quite some work done on OSPF specifically.
The latest release 7.7 (see
https://mikrotik.com/download/changelogs/stable) incorporates some fixes
for yet more bugs in this context.
Apart from BIRD configuration, I would suggest upgrading to RouterOS
7.6 at least or even better 7.7.
Cheers,
Kees
On 13-01-2023 18:11, Theera Kittichareonpot wrote:
> Hello,
>
> I am very new to Bird so I could be doing something wrong. But it
> seems Bird 2.0.11 could have compatibility issues with Mikrotik
> routers when OSPF authentication is used.
>
> When simple authentication is used, the neighbor state stays at Init
> and doesn't change at all.
>
> When cryptographic password is used, the Mikrotik router gave errors
> about wrong SA/SP id: "ospf-instance-1 { version: 2 router-id:
> 192.168.120.1 } ospf-area-1 { 0.0.0.0 } interface { instance-id: 5
> broadcast 192.168.10.1%br-lan } authentication failed from
> 192.168.10.197 wrong SA ID". I've tried md5 sha256 and sha512, but all
> gave the same error.
>
> Kindly let me know if I did something wrong or what additional info is
> needed. Thank you.
>
> The following is my bird.conf:
>
> log syslog all;
> #debug protocols all;
>
> #router id 192.168.10.197;
>
> ipv4 table master4;
>
> protocol device {
> }
>
> protocol direct direct4 {
>     ipv4; # Connect to default IPv4 table
> }
>
> protocol kernel kernel4 {
>     ipv4 {
>         import all;
>         export all;
>     };
> }
>
> protocol static static4 {
>     ipv4;
> }
>
> protocol ospf v2 ospf4 {
>     instance id 5; # set to the same as other routers'
>     ipv4 {
>         import all;
>         export all;
>     };
>
>     area 0 {
>         interface "eth0" {
>             type broadcast;
>             hello 10; # same as other routers'
>             retransmit 5;
>             transmit delay 1;
>             dead 40;
>
>             # simple authentication doesn't work with Mikrotik either.
>             # The state stays at Init and doesn't change at all.
>             #authentication simple;
>             #password "12345678";
>
>             # cryptographic password doesn't seem to work with mikrotik too;
>             # got errors about wrong SA/SP id
>             #authentication cryptographic;
>             #password "12345678" { algorithm hmac sha512; };
>         };
>     };
> }
>
>
> Theera K.
>
>
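
Added example, not part of either post and not BIRD or RouterOS code: a Python decoder for the authentication fields of an OSPFv2 header (RFC 2328 layout, with the first AuType octet read as the RFC 6549 instance ID), so the values two routers put on the wire can be compared field by field. The packets are constructed here with zeroed bodies and digests, the key IDs and digest lengths are made-up sample values, and the function names are hypothetical.

```python
import socket
import struct

AUTYPES = {0: "null", 1: "simple", 2: "cryptographic"}

def parse_ospfv2_auth(pkt: bytes) -> dict:
    """Decode the authentication fields of a raw OSPFv2 packet (IP payload)."""
    if len(pkt) < 24:
        raise ValueError("shorter than the 24-byte OSPFv2 header")
    ver, _ptype, length, rid, area, _cksum, inst, autype = struct.unpack(
        "!BBH4s4sHBB", pkt[:16])
    if ver != 2:
        raise ValueError(f"not OSPFv2 (version {ver})")
    info = {
        "router_id": socket.inet_ntoa(rid),
        "area": socket.inet_ntoa(area),
        "instance_id": inst,  # RFC 6549 reading; 0 from a plain RFC 2328 sender
        "autype": AUTYPES.get(autype, f"unknown({autype})"),
    }
    if autype == 2:
        # RFC 2328 D.3: two zero bytes, Key ID, auth data length, sequence number
        _zero, key_id, auth_len, seq = struct.unpack("!HBBI", pkt[16:24])
        info.update(key_id=key_id, auth_data_len=auth_len, crypto_seq=seq,
                    # the digest trails the packet and is not counted in 'length'
                    digest_complete=(len(pkt) - length == auth_len))
    return info

def auth_mismatches(a: dict, b: dict) -> list:
    """Names of the fields that both sides must agree on but do not."""
    keys = ("instance_id", "autype", "key_id", "auth_data_len")
    return [k for k in keys if a.get(k) != b.get(k)]

def build_sample(router_id: str, inst: int, key_id: int, digest_len: int) -> bytes:
    """Constructed hello-sized packet with zeroed body and digest; not a capture."""
    hdr = struct.pack("!BBH4s4sHBB", 2, 1, 44, socket.inet_aton(router_id),
                      socket.inet_aton("0.0.0.0"), 0, inst, 2)
    hdr += struct.pack("!HBBI", 0, key_id, digest_len, 1)
    return hdr + bytes(20) + bytes(digest_len)

# Constructed samples: one side sends key id 1 with a 64-byte (SHA-512) digest,
# the other key id 2 with a 16-byte digest.
SAMPLE_A = build_sample("192.168.10.197", 5, 1, 64)
SAMPLE_B = build_sample("192.168.120.1", 5, 2, 16)

if __name__ == "__main__":
    a, b = parse_ospfv2_auth(SAMPLE_A), parse_ospfv2_auth(SAMPLE_B)
    print(a)
    print(b)
    print("fields that differ:", auth_mismatches(a, b))
```

To use it on real traffic, feed it the IP payload of one hello from each router (IP protocol 89) taken from a packet capture.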