FRR BGP MD5 support is broken
This is a continuation of #7969
I recently upgraded some systems from 2.3.5 to 2.4.3 and found that FRR BGP MD5 support is now broken. When the outgoing interface is physical / LAGG it was sufficient to enable hardware checksum support to fix the issue. When the outgoing interface is an OpenVPN tunnel there is no such option, so BGP MD5 support is still broken.
I did several tests to confirm the above with peers on 2.3.5 and on 2.4.3.
A new patch in https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835 seems to fix this problem for any interface type by removing the hardware checksum requirement.
Can we have that patch included?
#3 Updated by Andrew Dul 11 months ago
I used my previous lab test from #7969 and looks like I was able to establish a BGP session w/ password OK to my arista EOS test VM. Using "FRR and setkey bidirectional"
This was on: pfsense
built on Thu Jul 05 07:39:05 EDT 2018