Leo,
Thanks for answer.
As for 11.1 IPSEC is already enabled in GENERIC, so I had to add only
TCP_SIGNATURE.
After I'd installed new kernel, BGP auth started working without adding
ipsec-related stuff to rc.conf or altering setkey.conf
> On 23 Mar 2018, at 15:37, Leo Vandewoestijne wrote:
Hi,
Yesterday I've submitted patches to upgrade Bird 1.6.x and 2.0.x to yesterdays
releases.
Now at the 1.6.x there used to be a firewall patch, made by Alexander V.
Chernikov.
But it's a stuggle to not break that option.
So now I wonder, is this only used by few people,
or are thousands of r
On Fri, 23 Mar 2018, Peter Andreev wrote:
> Is it still necessary to build custom kernel to get md5 auth working?
>
I'm pretty sure, yes.
The only way I got it working in 11.1 i.c.w. 1.6.x was:
# kernel config
options IPSEC
options TCP_SIGNATURE
# /etc/rc.conf
ipsec_enable="YES"
ipsec_program="
… and yet another followup …
>>> As one of my many uses for BIRD is in large wireless environments (i.e.,
>>> IETF meetings) I am very interested in keeping the amount of multicast
>>> traffic as low as possible. The standards allow for a router to
>>> (immediately) respond with a unicast RA t
Hi,
Is it still necessary to build custom kernel to get md5 auth working?
I got message "Error: Kernel MD5 auth failed” on FreeBSD 11.1 and bird 1.6.3.
--
Peter Andreev MSK-IX/RIPN
+7 (495) 737-0685DNS Network Operational Center
+7 (499) 192-9179
