Stuart, Brilliant , many thanks for your support , really appreciate it, as soon as I am able (busy racking kit today), I'll give it a shot and let you know the outcome.
Cheers daz On 22 February 2017 at 14:47, Stuart Henderson <s...@spacehopper.org> wrote: > On 2017/02/22 14:10, Darren Marshall wrote: > > Hi Stuart, > > > > Thanks for the info, not exactly what I was hoping to hear!. I wonder > > why your tests configuring outside of Bird didn't work?, would you mind > > sharing your sample /etc/ipsec.conf file ?. > > > > You are right , it is inconvenient having to configure the keys outside > > of Bird, but right now I'd settle for that if I can get a working > > neighborship using MD5 auth! > > Aha: I've figured out a bit more, and got it to actually connect. > The bit I was missing: bird.conf still needs to have "password" set in > the config, though the actual value isn't used. > > ipsec.conf format is like this: > > tcpmd5 from 192.0.2.1 to 192.0.2.2 spi 0xe1234567:0xf1234567 \ > authkey 6d656b6d697461736469676f6174:6d656b6d697461736469676f6174 > > The SPI numbers need to be unique on the system, two different ones need > to be given, one for each direction. The key also needs to be repeated > for both directions. (So, 2x different values for SPI, 2x same for key). > > As I mentioned ipsecctl only allows setting a hex key. this is just the > ascii characters converted to hex, you can convert like this: > > $ echo -n mekmitasdigoat | hexdump -e '/1 "%02x"'; echo > 6d6b656d736174696f6769647461 > >
