Hello, I'm trying Bird 2 on FreeBSD 11.2 using tcp md5 signature for BGP connections.
Bird2 has an option to set the needed ipsec SA/SP but here this does not work. The first entry (0.0.0.0 129.20.128.78) is correct but the second one (129.20.128.78 0.0.0.0) has an invalid spi field (should be 0x1000). The spi value changes each time bird runs so it looks uninitialized.

# setkey -D
129.20.128.78 0.0.0.0
        tcp mode=any spi=131144976(0x07d11d10) reqid=0(0x00000000)
        A: tcp-md5 32626770 2d313421
        seq=0x00000000 replay=0 flags=0x00000040 state=mature
        created: Jun 12 14:15:50 2018 current: Jun 12 14:24:31 2018
        diff: 521(s) hard: 0(s) soft: 0(s)
        last: hard: 0(s) soft: 0(s)
        current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
        allocated: 0 hard: 0 soft: 0
        sadb_seq=1 pid=49180 refcnt=1
0.0.0.0 129.20.128.78
        tcp mode=any spi=4096(0x00001000) reqid=0(0x00000000)
        A: tcp-md5 32626770 2d313421
        seq=0x00000000 replay=0 flags=0x00000040 state=mature
        created: Jun 12 14:15:50 2018 current: Jun 12 14:24:31 2018
        diff: 521(s) hard: 0(s) soft: 0(s)
        last: hard: 0(s) soft: 0(s)
        current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
        allocated: 0 hard: 0 soft: 0
        sadb_seq=0 pid=49180 refcnt=1

Also FreeBSD has a patch on Bird to add the second entry, I think this patch should be submitted upstream. (I can do it but some explanation would be welcome)

See also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218907

Any clue?

Thanks, regards.
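
The symptom reported above can be checked mechanically. The script below is an added example, not part of the original post or of Bird or FreeBSD: it reads `setkey -D` output and lists every tcp SA whose SPI is not the 0x1000 the post expects. The function names and the abridged sample dump are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check `setkey -D` output for
# TCP-MD5 SAs whose SPI is not the 0x1000 the post expects.
EXPECTED_SPI=4096   # 0x1000

# Reads `setkey -D` text on stdin. Prints "src dst spi=0x..." for every tcp
# SA whose SPI differs from EXPECTED_SPI; returns 1 if any was printed.
check_tcpmd5_spi() {
    awk -v want="$EXPECTED_SPI" '
        # Unindented two-field line: the "src dst" header of one SA.
        /^[^ \t]/ && NF == 2 { src = $1; dst = $2; next }
        # Indented "tcp mode=any spi=DEC(0xHEX) ..." line of that SA.
        $1 == "tcp" && match($0, /spi=[0-9]+/) {
            spi = substr($0, RSTART + 4, RLENGTH - 4) + 0
            if (spi != want) {
                printf "%s %s spi=0x%08x\n", src, dst, spi
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# The two SAs from the post, abridged to the lines the check reads.
sample_dump() {
    cat <<'EOF'
129.20.128.78 0.0.0.0
        tcp mode=any spi=131144976(0x07d11d10) reqid=0(0x00000000)
0.0.0.0 129.20.128.78
        tcp mode=any spi=4096(0x00001000) reqid=0(0x00000000)
EOF
}

# On a live router: setkey -D | check_tcpmd5_spi
sample_dump | check_tcpmd5_spi || echo "tcp-md5 SA with unexpected SPI found"
```

Running the check after each restart of the routing daemon shows whether the SPI of the second entry still changes from run to run.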