From: SivaReddy Obili
To: Patrick Lamaiziere
Cc: freebsd-questions@freebsd.org
Date: Mon, 10 Sep 2012 21:05:30 +0530
Subject: Re: RFC 2385 TCP MD5 support on FreeBSD8.3

Thank you very much for the quick reply.

Can you please point me to the link where I can download the /usr/src
tarball to download the code?

Thank you again.

On Thu, Sep 6, 2012 at 9:00 PM, Patrick Lamaiziere wrote:

> On Thu, 6 Sep 2012 20:46:53 +0530,
> SivaReddy Obili wrote:
>
> Hello,
>
> > Recently I've downloaded the FreeBSD 8.3 Release ISO Image
> > (FreeBSD-8.3-RELEASE-i386-dvd1 (1).iso) and installed in our machine.
> > Actually our requirement is to check the TCP MD5 support on
> > FreeBSD 8.3.
> >
> > But we were not able to configure BGP MD5 on that machine.
>
> I've used TCP-MD5 signature for bgp between a FreeBSD 8.x and OpenBSD,
> using setkey(8) to enforce the signature between the peers. That
> worked (of course, then you shouldn't use tcp-md5 in openbgpd).
>
> setkey(8):
> add -4 peer1 peer2 tcp 0x1000 -A tcp-md5 "PASSWORD";
> add -4 peer2 peer1 tcp 0x1000 -A tcp-md5 "PASSWORD";
>
> kernconf:
> # In order to enable IPSEC you MUST also add device crypto to
> # your kernel configuration
> options IPSEC #IP security (requires device crypto)
> device crypto
> options TCP_SIGNATURE #include support for RFC 2385
>
> You should check that the signature is checked (i.e. if the signature is
> bad, bgpd rejects the connection), I've not tested this.
>
> HTH.
> Regards.
>
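
The advice above to confirm that a bad signature is rejected comes down to what RFC 2385 signs: an MD5 over the TCP pseudo-header, the fixed TCP header with a zero checksum, the segment data, and the shared key. The following Python code is an added example, not from this thread or from FreeBSD; it computes and verifies that digest for a constructed SYN, and the addresses, ports and function names are assumptions.

```python
import hashlib
import hmac
import socket
import struct

TCPOPT_MD5SIG, TCPOLEN_MD5SIG = 19, 18  # option kind and total length (RFC 2385)

def tcp_md5_digest(src_ip, dst_ip, segment, key):
    """RFC 2385 digest of one IPv4 TCP segment (header + options + data)."""
    header_len = (segment[12] >> 4) * 4      # data offset in bytes
    fixed = bytearray(segment[:20])          # TCP header, options excluded
    fixed[16:18] = b"\x00\x00"               # checksum treated as zero
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment)))
    return hashlib.md5(pseudo + fixed + segment[header_len:] + key).digest()

def find_md5_option(segment):
    """Return the 16-byte digest carried in the TCP options, or None."""
    opts, i = segment[20:(segment[12] >> 4) * 4], 0
    while i < len(opts) and opts[i] != 0:    # kind 0 ends the option list
        if opts[i] == 1:                     # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            return None                      # malformed option
        if opts[i] == TCPOPT_MD5SIG and opts[i + 1] == TCPOLEN_MD5SIG:
            return opts[i + 2:i + 18]
        i += opts[i + 1]
    return None

def verify(src_ip, dst_ip, segment, key):
    """True only if the segment carries a digest matching the shared key."""
    if len(segment) < 20 or (segment[12] >> 4) < 5:
        return False                         # no complete TCP header
    carried = find_md5_option(segment)
    expected = tcp_md5_digest(src_ip, dst_ip, segment, key)
    return carried is not None and hmac.compare_digest(carried, expected)

def build_signed_syn(src_ip, dst_ip, sport, dport, key):
    """Constructed sample: SYN whose 40-byte header holds the MD5 option + 2 NOPs."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 10 << 4, 0x02, 65535, 0, 0)
    unsigned = hdr + bytes([TCPOPT_MD5SIG, TCPOLEN_MD5SIG]) + bytes(16) + b"\x01\x01"
    digest = tcp_md5_digest(src_ip, dst_ip, unsigned, key)
    return hdr + bytes([TCPOPT_MD5SIG, TCPOLEN_MD5SIG]) + digest + b"\x01\x01"

if __name__ == "__main__":
    a, b = "192.0.2.1", "192.0.2.2"          # documentation addresses (assumed)
    seg = build_signed_syn(a, b, 40000, 179, b"PASSWORD")
    print("right key:", verify(a, b, seg, b"PASSWORD"))
    print("wrong key:", verify(a, b, seg, b"WRONG"))
```

The digest covers the fixed header and payload but not the TCP options, so a segment with no MD5 option at all must be treated as a failure by the receiver, as `verify` does here.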