Hello,
I have some issues with configuring RIP 'authentication'.
I connect a bird v1.6.0 running on an ARM machine with a quagga v0.99.23.1
on a 64bit Ubuntu 14.04 machine.
*Plaintext* (authentication plaintext):
ERROR - bird writes erroneous auth error msg.
the two peers connect successfully and exchange routes, but bird writes
auth error msg -
'bird: RIP: Authentication failed for 172.16.0.9 on eth0 - wrong password
(0)'
Maybe, a variable was not correctly set at init ?
-- bird.config:
...
protocol rip RIP {
debug all;
interface "eth0" {
...
authentication plaintext;
password "test";
};
-- bird log:
...
Jun 22 15:21:34 AVILA debug bird: RIP: New neighbor 172.16.0.9 on eth0
Jun 22 15:21:34 AVILA err bird: RIP: Authentication failed for 172.16.0.9
on eth0 - wrong password (0)
Jun 22 15:21:35 AVILA debug bird: RIP: Interface timer fired for eth0
Jun 22 15:21:35 AVILA debug bird: RIP: Sending triggered updates for eth0
Jun 22 15:21:35 AVILA debug bird: RIP: Sending response via eth0
Jun 22 15:21:35 AVILA debug bird: RIP: Response received from 172.16.0.9 on
eth0
Jun 22 15:21:35 AVILA debug bird: RIP > added 10.0.4.0/24 via 172.16.0.9 on
eth0
Jun 22 15:21:35 AVILA debug bird: RIP > added [best] 10.10.11.0/24 via
172.16.0.9 on eth0
Jun 22 15:21:35 AVILA info bird: net accepted:10.10.11.0/24
Jun 22 15:21:35 AVILA debug bird: RIP < added 10.10.11.0/24 via 172.16.0.9
on eth0
-- quagga.config:
...
ip rip authentication string test
-- quagga log:
2016/06/22 17:25:22 RIP: RECV packet from 172.16.0.4 port 520 on eth1
2016/06/22 17:25:22 RIP: RECV RESPONSE version 2 packet size 84
2016/06/22 17:25:22 RIP: family 0xFFFF type 2 auth string: test
2016/06/22 17:25:22 RIP: 10.2.4.1/32 -> 0.0.0.0 family 2 tag 0 metric 1
2016/06/22 17:25:22 RIP: 10.0.4.0/24 -> 0.0.0.0 family 2 tag 0 metric 1
2016/06/22 17:25:22 RIP: 172.16.0.0/24 -> 0.0.0.0 family 2 tag 0 metric 1
2016/06/22 17:25:22 RIP: RIPv2 simple password authentication from
172.16.0.4
2016/06/22 17:25:22 RIP: RIPv2 simple authentication success
...
*Cryptographic* (authentication cryptographic):
ERROR 1 - peers cannot connect with "id 0".
The ripd keychain allows setting 'key 0' but bird does not - error
'Password ID has to be greated than zero.'
If I omit setting id parameter (passwords{password "secret"; password
'secret2'; password 'secret 3'}), then the peer authentication is not
successful.
ERROR 2 - On successful md5 authentication (using different keys), bird
writes again false error messages.
-- bird.config:
...
protocol rip RIP {
debug all;
interface "eth0" {
...
authentication cryptographic;
passwords {
password "secret" {id 0;};
password "secret2" {id 1;};
password "secret3" {id 2;};
};
};
-- quagga.config:
...
key chain kChain1
key 0
key-string secret
key 1
key-string secret2
key 2
key-string secret3
interface eth1
ip rip authentication mode md5
ip rip authentication key-chain kChain1
-- quagga log (bird config without setting 'id' param):
...
2016/06/23 11:21:54 RIP: RECV packet from 172.16.0.4 port 520 on eth1
2016/06/23 11:21:54 RIP: RECV RESPONSE version 2 packet size 104
2016/06/23 11:21:54 RIP: family 0xFFFF type 3 (MD5 authentication)
2016/06/23 11:21:54 RIP: RIP-2 packet len 84 Key ID 1 Auth Data len 20
2016/06/23 11:21:54 RIP: Sequence Number 1466674388
2016/06/23 11:21:54 RIP: 10.2.4.1/32 -> 0.0.0.0 family 2 tag 0 metric 1
2016/06/23 11:21:54 RIP: 10.0.4.0/24 -> 0.0.0.0 family 2 tag 0 metric 1
2016/06/23 11:21:54 RIP: 172.16.0.0/24 -> 0.0.0.0 family 2 tag 0 metric
1
2016/06/23 11:21:54 RIP: family 0xFFFF type 1 (MD5 data)
2016/06/23 11:21:54 RIP: MD5: E8F8C8C6B6911BB9D7F4983261C5DC
2016/06/23 11:21:54 RIP: RIPv2 MD5 authentication from 172.16.0.4
2016/06/23 11:21:54 RIP: RIPv2 MD5 authentication failure
Best regards,
Alexander Velkov
On Thu, Nov 12, 2015 at 7:23 PM, Alexander Velkov <alve...@googlemail.com>
wrote:
> ok great, thank you for your answer!
>
> On Thu, Nov 12, 2015 at 7:01 PM, Ondrej Zajicek <santi...@crfreenet.org>
> wrote:
>
>> On Thu, Nov 12, 2015 at 05:25:18PM +0100, Alexander Velkov wrote:
>> > Hi Ondrej,
>> >
>> > thank you for your reply!
>> >
>> > When is this branch planned to be integrated to main?
>>
>> I guess we will release a new version of BIRD containing RIP from rip-new
>> branch during 2015-12 or 2016-01.
>>
>> --
>> Elen sila lumenn' omentielvo
>>
>> Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
>> OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
>> "To err is human -- to blame it on a computer is even more so."
>>
>
>
