Hi,

I can't make OSPF MD5 encryption work between a RB450G running OS 4.16 to a 2851 Cisco router, but a RB1100 right next to it running OS v.5.0rc7 works just fine.

The two router boards will not talk to each other on OSPF. Is there a bug on OS 4.16 running MD5?

The OSv4.16 board gets an error message

"discarding packet wrong authentication"
mine=null authentication
message=cryptographic authentication
Source=xxx.xxx.xxx.10

and this is what I have on it.
/routing ospf interface
add authentication=md5 authentication-key=123456ospf authentication-key-id=3 comment="" cost=10 dead-interval=40s \
disabled=no hello-interval=10s instance-id=0 interface=ether1-gateway network-type=broadcast passive=no priority=1 \
retransmit-interval=5s transmit-delay=1s use-bfd=no

Router board with v5.0rc7 I have this error in the log

"discarding packet wrong authentication"
mine=cryptographic authentication
message=null authentication
source=xxx.xxx.xxx.11

and this is what I have on it.
/routing ospf interface
add authentication=md5 authentication-key=123456ospf authentication-key-id=3 cost=10 dead-interval=\
40s disabled=no hello-interval=10s instance-id=0 interface=ether1-gateway network-type=broadcast \
passive=no priority=1 retransmit-interval=5s transmit-delay=1s use-bfd=no

The two router boards will not talk to each other on OSPF. Is there a bug on OS 4.16 running MD5?
as you can see they think that encryption is null on the OS v4.16 board, but it is not as you can see.

Anyone run across this??
Thanks
Glenn Allen

Just to be certain, the interface on the 4.16 box which is speaking to the 5.0 box is actually named exactly "ether1-gateway"? I'd look for typographical errors.

This is probably not related to your problems but, just in case:

I had some problems the other night because I restored a config with custom interface names from a 750G to a 450G. The names ended up on apparently random interfaces. It took a while for me to notice that plugging the ethernet cable into physical port 4 on the 450G showed running on the interface named 1_to_blah which was physical port 1 on the 750G.

looking at interface name I assume that router still has default configuration. Default configuration does not allow any communication with the router on ether1-gateway. Packets going out of ether1-gateway are masqueraded, which also breaks ospf.

Hi, mrz and lambert,

Thanks for the replies !

I didn't change the default name of the ether1, But this RB450G doesn't have any of the default config on it. It isn't doing much but having a cable plugged into ether1. So it isn't is not masquerading. This box just has two EIOP tunnels leaving it to put some outside addresses to a place inside of another network. ( long story).

I guess I forgot to mention, that if I shut off MD5 encryption on the Cisco router, and the two mikrotiks, and do just no encryption, OSPF works. I have had our Cisco Geek doing packet sniffs, trying to figure this out, and haven't gotten anywhere yet.

Thanks for the Ideas.

ke6hpz