Stuart, I can confirm this is now working, once again thanks for your help.
Cheers daz

On 22 February 2017 at 15:37, Darren Marshall <dar...@tuff.org.uk> wrote:

> Stuart,
>
> Brilliant, many thanks for your support, really appreciate it, as soon
> as I am able (busy racking kit today), I'll give it a shot and let you know
> the outcome.
>
> Cheers daz
>
> On 22 February 2017 at 14:47, Stuart Henderson <s...@spacehopper.org>
> wrote:
>
>> On 2017/02/22 14:10, Darren Marshall wrote:
>> > Hi Stuart,
>> >
>> > Thanks for the info, not exactly what I was hoping to hear! I wonder
>> > why your tests configuring outside of Bird didn't work? Would you mind
>> > sharing your sample /etc/ipsec.conf file?
>> >
>> > You are right, it is inconvenient having to configure the keys outside
>> > of Bird, but right now I'd settle for that if I can get a working
>> > neighborship using MD5 auth!
>>
>> Aha: I've figured out a bit more, and got it to actually connect.
>> The bit I was missing: bird.conf still needs to have "password" set in
>> the config, though the actual value isn't used.
>>
>> ipsec.conf format is like this:
>>
>> tcpmd5 from 192.0.2.1 to 192.0.2.2 spi 0xe1234567:0xf1234567 \
>>     authkey 6d656b6d697461736469676f6174:6d656b6d697461736469676f6174
>>
>> The SPI numbers need to be unique on the system, two different ones need
>> to be given, one for each direction. The key also needs to be repeated
>> for both directions. (So, 2x different values for SPI, 2x same for key).
>>
>> As I mentioned ipsecctl only allows setting a hex key. This is just the
>> ASCII characters converted to hex, you can convert like this:
>>
>> $ echo -n mekmitasdigoat | hexdump -e '/1 "%02x"'; echo
>> 6d6b656d736174696f6769647461
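
Added example (not part of the thread, and not code from its participants or from the BIRD or OpenBSD projects): a POSIX shell helper that converts an ASCII password to the hex form ipsecctl expects and prints a tcpmd5 rule in the ipsec.conf format quoted above, refusing to emit one unless the two SPIs are well-formed and different. The function names and argument order are this example's own assumptions; the addresses, SPIs and password are the sample values from the thread.

```shell
#!/bin/sh
# Added example; function names and argument order are this example's own.

# ASCII string -> lowercase hex, byte by byte, in input order.
ascii_to_hex() {
    # -v stops od collapsing repeated lines for long keys
    printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n'
}

# Succeeds only for "0x" followed by 1 to 8 hex digits (an SPI is 32 bits).
valid_spi() {
    case "$1" in
        0x*) ;;
        *) return 1 ;;
    esac
    digits=${1#0x}
    [ -n "$digits" ] && [ "${#digits}" -le 8 ] || return 1
    case "$digits" in
        *[!0-9a-fA-F]*) return 1 ;;
    esac
    return 0
}

# Usage: tcpmd5_rule LOCAL_IP PEER_IP SPI_A SPI_B PASSWORD
# Prints one ipsec.conf rule; the same key is repeated for both directions.
tcpmd5_rule() {
    local_ip=$1 peer_ip=$2 spi_a=$3 spi_b=$4 password=$5
    if ! valid_spi "$spi_a" || ! valid_spi "$spi_b"; then
        echo "SPI must be 0x plus 1-8 hex digits" >&2; return 1
    fi
    # Compare numerically so 0xE1234567 and 0xe1234567 count as the same SPI.
    if [ "$(($spi_a))" -eq "$(($spi_b))" ]; then
        echo "the two directions need different SPIs" >&2; return 1
    fi
    [ -n "$password" ] || { echo "empty password" >&2; return 1; }
    key=$(ascii_to_hex "$password")
    printf 'tcpmd5 from %s to %s spi %s:%s \\\n\tauthkey %s:%s\n' \
        "$local_ip" "$peer_ip" "$spi_a" "$spi_b" "$key" "$key"
}

# Sample values from the thread (documentation addresses, example password).
tcpmd5_rule 192.0.2.1 192.0.2.2 0xe1234567 0xf1234567 mekmitasdigoat
```

For `mekmitasdigoat` the conversion yields `6d656b6d697461736469676f6174`, the authkey used in the quoted ipsec.conf rule.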