From: Jonathan Noack
Date: Thu, 26 May 2005 13:47:31 -0500
To: Lee Johnston
Cc: freebsd-net@freebsd.org, Kris Kennaway
Subject: Re: FreeBSD 5.4 - TCP MD5

On 05/26/05 11:32, Lee Johnston wrote:
> At 17:27 26/05/2005, Kris Kennaway wrote:
>> On Thu, May 26, 2005 at 05:22:47PM +0100, Lee Johnston wrote:
>> > Hi,
>> >
>> > I'm trying to configure a 5.4 box with Quagga to support TCP MD5 Passwords.
>> > I've achieved this previously with 4.10, but when I try to add the
>> > following kernel options, 5.4 doesn't like it:
>> >
>> > options FAST_IPSEC
>> > options crypto
>> > options TCP_MD5
>> >
>> > config gives:
>> > VENUS: unknown option "TCP_MD5"
>> >
>> >
>> > I have this in /etc/ipsec.conf
>> >
>> > add 192.168.1.1 192.168.1.2 tcp 0x1000 -A tcp-md5 "[password]";
>> >
>> > setkey -f /etc/ipsec.conf gives:
>> > pfkey_open: Protocol not supported
>> >
>> >
>> > What is the correct way for enabling TCP MD5 signatures on 5.4?
>>
>> When in doubt, check the two NOTES files.
>
> Thanks for your reply.. I've checked /usr/src/sys/i386/conf/NOTES but
> can't see any mention of the options anymore.. Any other ideas?

So that was one of the NOTES files, what about the other? Kris said to
check the *two* NOTES files...

$ grep MD5 /sys/i386/conf/NOTES /sys/conf/NOTES
/sys/conf/NOTES:# TCP_SIGNATURE adds support for RFC 2385 (TCP-MD5) digests. These are
/sys/conf/NOTES:# This is enabled on a per-socket basis using the TCP_MD5SIG socket option.

--
Jonathan Noack | noackjr@alumni.rice.edu | OpenPGP: 0x991D8195
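
What the RFC 2385 digest named in the grep output covers, and how a receiver checks it, as an added example that is not part of the original message and is not FreeBSD's code. The addresses are the ones from the quoted setkey line; the ports (179 for BGP, since Quagga is mentioned), sequence numbers, window, payload and key are constructed sample values.

```python
import hashlib
import hmac
import socket
import struct

KIND_MD5SIG, LEN_MD5SIG = 19, 18  # RFC 2385: option kind 19, 2 + 16-byte digest

def tcp_md5_digest(src, dst, tcp_header, payload, key):
    """MD5 over pseudo-header, fixed TCP header, segment data, then the key."""
    seg_len = len(tcp_header) + len(payload)  # TCP header incl. options + data
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, seg_len))
    # Options are left out and the checksum field (bytes 16-17) is taken as zero.
    fixed = tcp_header[:16] + b"\x00\x00" + tcp_header[18:20]
    return hashlib.md5(pseudo + fixed + payload + key).digest()

def sign_segment(src, dst, sport, dport, seq, ack, flags, payload, key):
    """Return a 40-byte TCP header: fixed header, NOP, NOP, then option 19."""
    # Data offset is 10 words: 20-byte fixed header + 20 bytes of options.
    fixed = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 10 << 4, flags, 65535, 0, 0)
    digest = tcp_md5_digest(src, dst, fixed + bytes(20), payload, key)
    return fixed + bytes([1, 1, KIND_MD5SIG, LEN_MD5SIG]) + digest

def verify_segment(src, dst, tcp_header, payload, key):
    """Walk the TCP options, find kind 19 and compare digests in constant time."""
    opts, i = tcp_header[20:], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:  # end of option list
            break
        if kind == 1:  # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            return False  # malformed option
        if kind == KIND_MD5SIG and opts[i + 1] == LEN_MD5SIG:
            want = tcp_md5_digest(src, dst, tcp_header, payload, key)
            return hmac.compare_digest(opts[i + 2:i + 18], want)
        i += opts[i + 1]
    return False  # no signature option present

# Constructed sample: addresses from the setkey line, port 179 (BGP),
# made-up sequence numbers and a placeholder key.
SRC, DST, KEY = "192.168.1.1", "192.168.1.2", b"example-password"
PAYLOAD = b"\xff" * 16 + b"\x00\x13\x04"  # a BGP KEEPALIVE message
HEADER = sign_segment(SRC, DST, 49152, 179, 1000, 2000, 0x18, PAYLOAD, KEY)

if __name__ == "__main__":
    print(verify_segment(SRC, DST, HEADER, PAYLOAD, KEY),
          verify_segment(SRC, DST, HEADER, PAYLOAD, b"wrong-key"))
```

Because the pseudo-header is part of the digest, both peers must agree on the address pair as well as the key, which is why the setkey entry is written per source and destination.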