core
core copied to clipboard
opnsense
Add support for FRR and setkey Bidirectional
Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
- [X] I have read the contributing guide lines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
- [X ] I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue
Is your feature request related to a problem? Please describe. When setting up BGP peering with the password with a pfSense, OPNsense does not support the FRR and setkey Bidirectional which is the much more secure way of implementing TCP MD5. Relevant documentation: https://docs.netgate.com/pfsense/en/latest/packages/frr/bgp/config-neighbor.html
bgp peering does fail when suing setkey Bidirectional which indicates to me that OPNsense does not support that feature.
A clear and concise description of what the problem is including your motivation for the request, i.e. "For the purpose of [...] I am missing a solution that will [...]."
Describe the solution you like Support FRR and setkey Bidirectional when using BGP
A clear and concise description of what you want to happen. Support FRR and setkey Bidirectional when using BGP
Describe alternatives you considered The alternative is to use FRR and setkey Outbound which is less secure and does work with OPnsense.
we do, there's no "outbound only" option on our end, relevant code sections below:
https://github.com/opnsense/plugins/blob/15ddd7ba9ec847fce158ed9c9717ac9f9f5f63f6/net/frr/src/opnsense/scripts/frr/register_sas#L35
https://github.com/opnsense/plugins/blob/15ddd7ba9ec847fce158ed9c9717ac9f9f5f63f6/net/frr/src/opnsense/service/templates/OPNsense/Quagga/sa_policies.conf#L19
https://github.com/opnsense/plugins/blob/15ddd7ba9ec847fce158ed9c9717ac9f9f5f63f6/net/frr/src/opnsense/service/templates/OPNsense/Quagga/bgpd.conf#L125
