Closed Alt0S04 closed 5 months ago
OSPF Authentication using keychains is not supported in 8.4.4. This is the commit that brings it in: commit f5011cd5ddfd0eabe359d7013747823c6bd4ed3f Author: Mahdi Varasteh varasteh@amnesh.ir Date: Tue Sep 12 15:09:44 2023 +0330
[ospfd]: add support for RFC 5709 HMAC-SHA Auth
This patch includes:
* Implementation of RFC 5709 support in OSPF. Using
openssl library and FRR key-chain,
one can use SHA1, SHA256, SHA384, SHA512 and
keyed-MD5( backward compatibility with RFC 2328) HMAC algs.
* Updating documentation of OSPF
* add topotests for new HMAC algorithms
Signed-off-by: Mahdi Varasteh <varasteh@amnesh.ir>
this is fixed in a later version. please upgrade to the latest version.
The first stable release for this commit is: origin/stable/9.1
Thanks to Chris Hopps for the tip:
LabNs-MacBook-Pro:frr acee$ git branch -r --contains f5011cd | grep stable origin/mergify/bp/stable/9.1/pr-14554 origin/stable/9.1
Description
Hello, after working on the compatibility between OSPF and DMVPN/NHRP ( #15171) I am now working on OSPF HMAC SHA256 authentication, nd I have followed the following example in your documentation. Unfortunately, when I try to use the command "ip ospf authentication key-chain," I cannot specify the key-chain in the command. When I view the help, it indicates that I can only use MD5 (message-digest).
Version
How to reproduce
Example :
Not working command :
Expected behavior
I managed to configure a Cisco device with OSPF using HMAC-SHA256 authentication, but when it comes to FRR, the command mentioned in the documentation example doesn't work.
Actual behavior
No further information is available.
Additional context
No further information is available.
Checklist