Bug #8407
Status: closed
FRR BGP MD5 support is broken
Description
This is a continuation of #7969.
I recently upgraded some systems from 2.3.5 to 2.4.3 and found that FRR BGP MD5 support is now broken. When the outgoing interface is physical / LAGG it was sufficient to enable hardware checksum support to fix the issue. When the outgoing interface is an OpenVPN tunnel there is no such option, so BGP MD5 support is still broken.
I did several tests to confirm the above with peers on 2.3.5 and on 2.4.3.
A new patch in https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835 seems to fix this problem for any interface type by removing the hardware checksum requirement.
Can we have that patch included?
Updated by Jim Pingle over 6 years ago
- Category set to Routing
- Status changed from New to Feedback
- Assignee changed from Jim Pingle to Anonymous
Can you test this again on a current 2.4.4 snapshot which uses a FreeBSD 11.2 base? Looking at the FreeBSD bug you linked, it should be OK there.
Updated by Andrew Dul over 6 years ago
I used my previous lab test from #7969 and it looks like I was able to establish a BGP session w/ password OK to my Arista EOS test VM, using "FRR and setkey bidirectional".
This was on: pfSense
2.4.4-DEVELOPMENT (amd64)
built on Thu Jul 05 07:39:05 EDT 2018
FreeBSD 11.2-RELEASE
Updated by Andrew Dul over 6 years ago
Updated by Jim Pingle over 6 years ago
- Status changed from Feedback to Resolved
Great!
I'll close this out for now. If it breaks again, let us know.