Date: Fri, 04 Nov 2011 13:12:37 +0100 From: Crest <crest@informatik.uni-bremen.de> To: freebsd-net@freebsd.org Subject: Re: FreeBSD 9-RC1, openbgpd, tcp md5 Message-ID: <4EB3D6B5.4090608@informatik.uni-bremen.de> In-Reply-To: <DB54BC35-03F0-4B1F-A609-8E40036CB94E@sarenet.es> References: <DB54BC35-03F0-4B1F-A609-8E40036CB94E@sarenet.es>
next in thread | previous in thread | raw e-mail | index | archive | help
On 04.11.2011 11:13, Borja Marcos wrote: > Hi > > I'm testing a set up for OpenBGPd with FreeBSD 9-RC1 (amd64). For now I'm trying on two virtual machines. Using the stock GENERIC kernel it works, although of course it doesn't have TCP MD5 support, which I require. > > I've compiled new kernels with the TCP MD5 support (options IPSEC, device crypto and options TCP_SIGNATURE), and after installing it on both machines OpenBGPd no longer works. No matter if I try to configure the bgp sessions with TCP-MD5 or not, the sessions won't work. > > Any ideas? As far as I know, this shoud work. The daemon is complaning that there's no kernel support for pf_key. > > > FreeBSD pruebazfs3 9.0-RC1 FreeBSD 9.0-RC1 #10: Fri Nov 4 10:32:41 UTC 2011 borjam@pruebazfs1:/usr/obj/rpool/newsrc/src/sys/GENERIC amd64 Afaik you have to set the TCP-MD5 key with setkey (from security/ipsec-tools) on FreeBSD. Try removing your TCP-MD5 parameters from bgpd.conf.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4EB3D6B5.4090608>