CONFIG_TCP_MD5SIG missing / BGP connection doesn't work anymore after upgrading to frr

Installing and Using OpenWrt Network and Wireless Configuration
1

Ahoy ahoy.
I have been a quagga user for a long time, but now it seems to be obsolete, and frr offers more features.
I'd like to interconnect two sites, and it worked fine yet. One end has used frr already, the other one, my OpenWrt device, used quagga.
So i wanted to start with a basic config but i'm experiencing heavy issues here, with TCP retransmissions.
Both sites are connected, and always were connected, through a Wireguard P2P VPN which works well. The VPN config wasn't changed, so i think it has to do something with frr itself.

That's my configuration i got:

On OpenWrt site:

frr version 7.5
frr defaults traditional
hostname OpenWrt
log syslog informational
service integrated-vtysh-config
!
password secret
!
router bgp 64511
 bgp router-id 10.192.0.1
 no bgp default ipv4-unicast
 neighbor V4 peer-group
 neighbor V4 remote-as 64510
 neighbor V4 password secret
 neighbor V4 update-source wg0
 neighbor V6 peer-group
 neighbor V6 remote-as 64510
 neighbor V6 password secret
 neighbor V6 update-source bonding-i0
 neighbor 10.0.0.3 peer-group V4
 neighbor fd48:48:48:48::2 peer-group V6
 !
 address-family ipv4 unicast
  redistribute connected
  neighbor V4 activate
  neighbor V4 route-map IMPORT in
  neighbor V4 route-map EXPORT out
  neighbor V6 activate
 exit-address-family
 !
 address-family ipv6 unicast
  redistribute connected
  neighbor V6 activate
  neighbor V6 route-map IMPORT in
  neighbor V6 route-map EXPORT out
 exit-address-family
!
route-map EXPORT deny 100
!
route-map EXPORT permit 1
!
route-map IMPORT permit 1
!
line vty
!

On the other location:

frr version 7.5.1
frr defaults traditional
hostname wireguard-alternative
log syslog informational
service integrated-vtysh-config
!
password secret
!
router bgp 64510
 neighbor V4 peer-group
 neighbor V4 remote-as 64511
 neighbor V4 password secret
 neighbor V6 peer-group
 neighbor V6 remote-as 64511
 neighbor V6 password secret
 neighbor 10.0.0.1 peer-group V4
 neighbor fd48:48:48:48::1 peer-group V6
 !
 address-family ipv4 unicast
  redistribute connected
  neighbor V4 route-map IMPORT in
  neighbor V4 route-map EXPORT out
 exit-address-family
 !
 address-family ipv6 unicast
  redistribute connected
  neighbor V6 activate
  neighbor V6 route-map IMPORT in
  neighbor V6 route-map EXPORT out
 exit-address-family
!
route-map EXPORT deny 100
!
route-map EXPORT permit 1
!
route-map IMPORT permit 1
!
line vty
!

For some reason, the TCP transmisions seem to be damaged. Also debugging on both frr devices doesn't show any output.

Screenshot from 2021-09-24 12-06-01
Screenshot from 2021-09-24 12-06-012562×1415 305 KB

I got both .pcap files, one from each site, attached here. Maybe it's useful for further analysis. It doesn't contain any confidential information because it's for personal use only.

https://repo.unix-supremacy.org/bgp.pcap
https://repo.unix-supremacy.org/bgp2.pcap

nmap from OpenWrt to peer:

Nmap scan report for 10.0.0.3
Host is up (0.061s latency).
Not shown: 998 closed ports
PORT    STATE    SERVICE
22/tcp  open     ssh
179/tcp filtered bgp

nmap from peer to OpenWrt

Nmap scan report for 10.0.0.1
Host is up (0.061s latency).
Not shown: 995 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
53/tcp  open  domain
80/tcp  open  http
179/tcp open  bgp
443/tcp open  https

I have also upgraded to 21.02 stable.
Now i'm getting the following messages on the OpenWrt side, in bgpd daemon console.

2021/09/24 12:49:16 BGP: can't set TCP_MD5SIG option on socket 13: Protocol not available
2021/09/24 12:49:20 BGP: sockopt_tcp_signature: setsockopt(12): Protocol not available
2021/09/24 12:49:20 BGP: can't set TCP_MD5SIG option on socket 12: Protocol not available
2021/09/24 12:49:21 BGP: sockopt_tcp_signature: setsockopt(13): Protocol not available
2021/09/24 12:49:21 BGP: can't set TCP_MD5SIG option on socket 13: Protocol not available
2021/09/24 12:49:25 BGP: sockopt_tcp_signature: setsockopt(12): Protocol not available
2021/09/24 12:49:25 BGP: can't set TCP_MD5SIG option on socket 12: Protocol not available
2021/09/24 12:49:26 BGP: sockopt_tcp_signature: setsockopt(13): Protocol not available
2021/09/24 12:49:26 BGP: can't set TCP_MD5SIG option on socket 13: Protocol not available
2021/09/24 12:49:30 BGP: sockopt_tcp_signature: setsockopt(12): Protocol not available
2021/09/24 12:49:30 BGP: can't set TCP_MD5SIG option on socket 12: Protocol not available
2021/09/24 12:49:31 BGP: sockopt_tcp_signature: setsockopt(13): Protocol not available
2021/09/24 12:49:31 BGP: can't set TCP_MD5SIG option on socket 13: Protocol not available

According to some similar issues on different platforms i found on google, it has to do something with a CONFIG_TCP_MD5SIG kernel option which is not present.

I hope someone may help with that :slight_smile: