[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: OpenBGPD, Cisco and md5 passwords
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: OpenBGPD, Cisco and md5 passwords
- From: Henning Brauer <lists-openbsd_(_at_)_bsws_(_dot_)_de>
- Date: Thu, 17 Feb 2005 18:11:24 +0100
- Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org
* Jon Morby <jon_(_at_)_fido_(_dot_)_net> [2005-02-17 17:09]:
> We're peering with about 30 peers, mainly on net but a couple sending a
> full routing table ... all's working fine, and over half of them have
> md5 passwords configured of varying lengths (from 6 to 18 chars)
> However ... we have a couple of peers at least one of whom is using
> Cisco 7204VXR routers running IOS 12.2.17 who we just can't get an md5
> session configured with.
> The logs their end just show "No MD5"
> Is this a known issue, or is there anything further I / we can do to
> help fix it ?
> Remove the md5sig passwords from both sides and we get a session
I do have active md5sig'd sessions on -current to juniper and cisco -
one peer is a 7206VXR even, so it is definately not a known issue :)
you mentioned the password length - 6 is completely inacceptable too
short of course :). Just to make sure: how long is the md5sig password
for the cisco session that dies? cisco has a very annoying bug, they
silently truncate the passwords to 40 (I think it was 40, might
have been a bit less even) chars - if the pasword is longer and the other
side does not have this stupid bug and thus does not truncate the
passwords mismatch of course.
if it isn't that I'd watch bgpd setting things up using
# ipsecadm monitor
and, failing to see anything there, tcpdump.
http://2suck.net/hhwl.html - http://www.bsws.de/
Unix is very simple, but it takes a genius to understand the simplicity.
Visit your host, monkey.org