From owner-freebsd-net@FreeBSD.ORG  Thu May 26 16:26:59 2005
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 86FD116A433
	for <freebsd-net@freebsd.org>; Thu, 26 May 2005 16:26:59 +0000 (GMT)
	(envelope-from kris@obsecurity.org)
Received: from obsecurity.dyndns.org
	(CPE0050040655c8-CM00111ae02aac.cpe.net.cable.rogers.com
	[69.194.102.232])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 95D5343D8E
	for <freebsd-net@freebsd.org>; Thu, 26 May 2005 16:26:49 +0000 (GMT)
	(envelope-from kris@obsecurity.org)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id 32E50513C0; Thu, 26 May 2005 09:27:37 -0700 (PDT)
Date: Thu, 26 May 2005 09:27:37 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: Lee Johnston <lee@wildcard.net.uk>
Message-ID: <20050526162736.GA51533@xor.obsecurity.org>
References: <6.1.0.6.0.20050526171734.01a4a908@mail.wildcardinternet.co.uk>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="1yeeQ81UyVL57Vl7"
Content-Disposition: inline
In-Reply-To: <6.1.0.6.0.20050526171734.01a4a908@mail.wildcardinternet.co.uk>
User-Agent: Mutt/1.4.2.1i
Cc: freebsd-net@freebsd.org
Subject: Re: FreeBSD 5.4 - TCP MD5
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 26 May 2005 16:26:59 -0000


--1yeeQ81UyVL57Vl7
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, May 26, 2005 at 05:22:47PM +0100, Lee Johnston wrote:
> Hi,
>=20
> I'm trying to configure a 5.4 box with Quagga to support TCP MD5 Password=
s.=20
> I've achieved this previously with 4.10, but when I try to add the=20
> following kernel options, 5.4 doesn't like it:
>=20
> options FAST_IPSEC
> options crypto
> options TCP_MD5
>=20
> config gives:
> VENUS: unknown option "TCP_MD5"
>=20
>=20
> I have this in /etc/ipsec.conf
>=20
> add 192.168.1.1 192.168.1.2 tcp 0x1000 -A tcp-md5 "[password]";
>=20
> setkey -f /etc/ipsec.conf gives:
> pfkey_open: Protocol not supported
>=20
>=20
> What is the correct way for enabling TCP MD5 signatures on 5.4?

When in doubt, check the two NOTES files.

Kris

--1yeeQ81UyVL57Vl7
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (FreeBSD)

iD8DBQFClfj4Wry0BWjoQKURAq4fAJwPuY68zocDCyL3XPDrNaD0+x7vJgCeP02C
kMC0fjTiCOrx5tsjBZaG/GE=
=RWCH
-----END PGP SIGNATURE-----

--1yeeQ81UyVL57Vl7--