[FUG-BR] OpenBGPD no FreeBSD
Alisson
alissongoncalves em bsd.com.br
Sábado Abril 7 09:22:05 BRT 2012
Bom dia pessoal...
depois de varios dias procurando a solução em foruns e listas...
descobri a solução em uma lista americana...
não era firewall e nem nada...
o problema estava em uma váriavel...
basta setar net.inet.tcp.signature_verify_input=0
que na hora funcionou....
obrigado
Em 5 de abril de 2012 18:05, Alisson <alissongoncalves em bsd.com.br> escreveu:
> pelos posts que vi... esse erro é normal no FreeBSD pq ele nao suporta
> isso..
>
> ontem fiz o teste e compilei o que pedia la no topico..
>
> options TCP_SIGNATURE #include support for RFC 2385
> options IPSEC
> device crypto
>
> options DEVICE_POLLING
> device carp
> device if_bridge
> options IPSEC_NAT_T
> device pf
> device pfsync
> device pflog
>
> mas mesmo assim o erro continuou
>
> Em 5 de abril de 2012 17:13, Alisson <alissongoncalves em bsd.com.br>escreveu:
>
> executei o comandobgpd -dv e veja o retorno
>>
>> bgpd -dv
>> startup
>>
>> no kernel support for PF_KEY
>> session engine ready
>> route decision engine ready
>> peer_internet = "10.0.1.1"
>> meuip = "10.0.1.2"
>> *cannot bind to 10.0.1.2:179: Address already in use*
>> new ktable rdomain_0 for rtableid 0
>> RDE reconfigured
>> SE reconfigured
>> neighbor 10.0.1.1 (PROVEDOR): state change None -> Idle, reason: None
>> neighbor 10.0.1.1 (PROVEDOR): state change Idle -> Connect, reason: Start
>>
>> neighbor 10.0.1.1 (PROVEDOR): socket error: Operation timed out
>> neighbor 10.0.1.1 (PROVEDOR): state change Connect -> Active, reason:
>> Connection open failed
>>
>> neighbor 10.0.1.1 (PROVEDOR): socket error: Operation timed out
>>
>>
>>
>> Em 5 de abril de 2012 16:14, Alisson <alissongoncalves em bsd.com.br>escreveu:
>>
>> Certo... alterei novamente
>>>
>>> LADO PEER
>>>
>>> peer_internet="10.0.1.1"
>>> meuip="10.0.1.2"
>>>
>>>
>>> #global configuration
>>> AS 65010
>>> router-id $meuip
>>> listen on $meuip
>>> log updates
>>>
>>> #network we announce
>>> network 192.168.40.0/24
>>>
>>> #Neighbor
>>>
>>> neighbor $peer_internet {
>>> remote-as 65001
>>> descr PROVEDOR
>>> local-address $meuip
>>>
>>> announce self
>>> }
>>>
>>>
>>> LADO PROVEDOR
>>>
>>> peer1="10.0.1.2"
>>> meuip="10.0.1.1"
>>>
>>> #global configuration
>>> AS 65001
>>> router-id $meuip
>>> listen on $meuip
>>>
>>> log updates
>>>
>>> #network we announce
>>> network 192.168.50.0/24
>>>
>>> #Neighbor
>>>
>>> neighbor $peer1 {
>>> remote-as 65010
>>> descr PEER1
>>> local-address $meuip
>>> announce self
>>> }
>>>
>>> LADO PROVEDOR
>>>
>>>
>>> (root em PROVEDOR)[~]# bgp
>>> Neighbor AS MsgRcvd MsgSent OutQ Up/Down
>>> State/PrfRcvd
>>> PEER1 65010 0 0 0 Never Active
>>>
>>>
>>> LADO PEER1
>>>
>>> (root em PEER1)[~]# bgp
>>>
>>> Neighbor AS MsgRcvd MsgSent OutQ Up/Down
>>> State/PrfRcvd
>>> PROVEDOR 65001 0 0 0 Never
>>> Active
>>>
>>>
>>> /var/log/messages
>>>
>>> Apr 5 15:08:48 PEER1 bgpd[1987]: neighbor 10.0.1.1 (PROVEDOR): socket
>>> error: Operation timed out
>>> Apr 5 15:12:03 PEER1 bgpd[1987]: neighbor 10.0.1.1 (PROVEDOR): socket
>>> error: Operation timed out
>>>
>>>
>>> Apr 5 15:08:30 PROVEDOR bgpd[1658]: neighbor 10.0.1.2 (PEER1): socket
>>> error: Operation timed out
>>> Apr 5 15:11:46 PROVEDOR bgpd[1658]: neighbor 10.0.1.2 (PEER1): socket
>>> error: Operation timed out
>>>
>>>
>>>
>>>
>>>
>>>
>>> Em 5 de abril de 2012 09:22, Alisson <alissongoncalves em bsd.com.br>escreveu:
>>>
>>> Pessoal fiz as alterações... os ips da rede 10... e os ips da loopbackup
>>>> (172) estão se pingando...
>>>>
>>>> LADO PEER1
>>>>
>>>> peer_internet="10.0.1.1"
>>>> meuip="172.16.2.255"
>>>>
>>>> #global configuration
>>>>
>>>> AS 65010
>>>> router-id $meuip
>>>> listen on $meuip
>>>> holdtime 180
>>>> holdtime min 3
>>>> fib-update no
>>>> log updates
>>>>
>>>> #network we announce
>>>> network 192.168.40.0/24
>>>>
>>>>
>>>> #Neighbor
>>>>
>>>> neighbor $peer_internet {
>>>> remote-as 65001
>>>> descr PROVEDOR
>>>> multihop 2
>>>> local-address $meuip
>>>> holdtime 180
>>>> holdtime min 3
>>>> announce self
>>>> }
>>>>
>>>> LADO PROVEDOR
>>>>
>>>>
>>>> peer1="10.0.1.2"
>>>> meuip="172.16.1.255"
>>>>
>>>>
>>>> #global configuration
>>>> AS 65001
>>>> router-id $meuip
>>>> listen on $meuip
>>>>
>>>> holdtime 180
>>>> holdtime min 3
>>>> fib-update no
>>>> log updates
>>>>
>>>> #network we announce
>>>> network 192.168.50.0/24
>>>>
>>>>
>>>> #Neighbor
>>>>
>>>> neighbor $peer1 {
>>>> remote-as 65010
>>>> descr PEER1
>>>> multihop 2
>>>> local-address $meuip
>>>> holdtime 180
>>>> holdtime min 3
>>>> announce self
>>>> }
>>>>
>>>>
>>>>
>>>> (root em PROVEDOR)[~]# bgp
>>>>
>>>> Neighbor AS MsgRcvd MsgSent OutQ Up/Down
>>>> State/PrfRcvd
>>>> PEER1 65010 0 0 0 Never
>>>> Active
>>>>
>>>> (root em PEE1)[~]# bgp
>>>>
>>>> Neighbor AS MsgRcvd MsgSent OutQ Up/Down
>>>> State/PrfRcvd
>>>> PROVEDOR 65001 0 0 0 Never
>>>> Active
>>>>
>>>> /var/log/messages
>>>> Apr 5 08:13:25 PROVEDOR bgpd[1598]: neighbor 10.0.1.2 (PEER1): socket
>>>> error: Connection refused
>>>>
>>>>
>>>>
>>>> Em 4 de abril de 2012 19:50, Alisson <alissonfer em gmail.com> escreveu:
>>>>
>>>> Boa noite Pessoal,
>>>>>
>>>>> tudo certo?
>>>>>
>>>>> estou tendo alguns problemas com o OpenBGP no FreeBSD para levantar
>>>>> sessões.
>>>>>
>>>>> fiz testes com AS e IPS invalidos.
>>>>>
>>>>> segue abaixo as configurações
>>>>>
>>>>> LADO PEER 1
>>>>>
>>>>> peer_internet="10.0.1.1"
>>>>> meuip="10.0.1.10"
>>>>>
>>>>> # global configuration
>>>>> AS 65010
>>>>> router-id $meuip
>>>>> listen on $meuip
>>>>> holdtime 180
>>>>> holdtime min 3
>>>>> fib-update no
>>>>> log updates
>>>>> #network we announce
>>>>> network 192.168.40.0/23
>>>>>
>>>>> #Neighbor
>>>>>
>>>>> neighbor $peer_internet {
>>>>> remote-as 65001
>>>>> descr PROVEDOR
>>>>> multihop 2
>>>>> local-address $meuip
>>>>> passive
>>>>> holdtime 180
>>>>> holdtime min 3
>>>>> announce self
>>>>>
>>>>> }
>>>>>
>>>>> LADO PROVEDOR
>>>>>
>>>>> peer1="10.0.1.10"
>>>>> meuip="10.0.1.1"
>>>>>
>>>>> #global configuration
>>>>> AS 65001
>>>>> router-id $meuip
>>>>> listen on $meuip
>>>>>
>>>>> holdtime 180
>>>>> holdtime min 3
>>>>> fib-update no
>>>>> log updates
>>>>>
>>>>> #network we announce
>>>>> network 192.168.50.0/23
>>>>>
>>>>> #Neighbor
>>>>>
>>>>> neighbor $peer1 {
>>>>> remote-as 65010
>>>>> descr PEER1
>>>>> multihop 2
>>>>> local-address $meuip
>>>>> passive
>>>>> holdtime 180
>>>>> holdtime min 3
>>>>> announce self
>>>>>
>>>>> }
>>>>>
>>>>>
>>>>> e veja o resultado - a sessão nao levanta...
>>>>>
>>>>> (root em local-peer1)[~]# bgp
>>>>> Neighbor AS MsgRcvd MsgSent OutQ Up/Down
>>>>> State/PrfRcvd
>>>>> PROVEDOR 65001 0 0 0 Never
>>>>> Active
>>>>>
>>>>> (root em local-provedor)[~]# bgp
>>>>> Neighbor AS MsgRcvd MsgSent OutQ Up/Down
>>>>> State/PrfRcvd
>>>>> PEER1 65010 0 0 0 Never Active
>>>>>
>>>>> /var/log/messages
>>>>>
>>>>> Apr 4 18:12:17 local-peer1 bgpd[2215]: no kernel support for PF_KEY
>>>>>
>>>>> alguem já teve este tipo de problema com OpenBGP?
>>>>>
>>>>> obrigado!
>>>>>
>>>>>
>>>>
>>>
>>
>
Mais detalhes sobre a lista de discussão freebsd