From owner-freebsd-net@FreeBSD.ORG  Sun Nov  6 15:08:36 2011
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 7EEC7106566C
	for <freebsd-net@freebsd.org>; Sun,  6 Nov 2011 15:08:36 +0000 (UTC)
	(envelope-from crest@informatik.uni-bremen.de)
Received: from informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de
	[IPv6:2001:638:708:30c9::12])
	by mx1.freebsd.org (Postfix) with ESMTP id 0E41E8FC12
	for <freebsd-net@freebsd.org>; Sun,  6 Nov 2011 15:08:35 +0000 (UTC)
X-Virus-Scanned: amavisd-new at informatik.uni-bremen.de
Received: from smtp-fb3.informatik.uni-bremen.de
	(smtp-fb3.informatik.uni-bremen.de [134.102.224.120])
	by informatik.uni-bremen.de (8.14.3/8.14.3) with ESMTP id
	pA4CCbYb019432
	for <freebsd-net@freebsd.org>; Fri, 4 Nov 2011 13:12:40 +0100 (CET)
Received: from t420.crest.dn42 (unknown [134.102.49.124])
	(using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
	(No client certificate requested)
	by smtp-fb3.informatik.uni-bremen.de (Postfix) with ESMTPSA id 6A4EE278
	for <freebsd-net@freebsd.org>; Fri,  4 Nov 2011 13:12:37 +0100 (CET)
Message-ID: <4EB3D6B5.4090608@informatik.uni-bremen.de>
Date: Fri, 04 Nov 2011 13:12:37 +0100
From: Crest <crest@informatik.uni-bremen.de>
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
	rv:7.0.1) Gecko/20111011 Thunderbird/7.0.1
MIME-Version: 1.0
To: freebsd-net@freebsd.org
References: <DB54BC35-03F0-4B1F-A609-8E40036CB94E@sarenet.es>
In-Reply-To: <DB54BC35-03F0-4B1F-A609-8E40036CB94E@sarenet.es>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: FreeBSD 9-RC1, openbgpd, tcp md5
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Nov 2011 15:08:36 -0000

On 04.11.2011 11:13, Borja Marcos wrote:
> Hi
>
> I'm testing a set up for OpenBGPd with FreeBSD 9-RC1 (amd64). For now I'm trying on two virtual machines. Using the stock GENERIC kernel it works, although of course it doesn't have TCP MD5 support, which I require.
>
> I've compiled new kernels with the TCP MD5 support (options IPSEC, device crypto and options TCP_SIGNATURE), and after installing it on both machines OpenBGPd no longer works. No matter if I try to configure the bgp sessions with TCP-MD5 or not, the sessions won't work.
>
> Any ideas? As far as I know, this shoud work. The daemon is complaning that there's no kernel support for pf_key.
>
>
> FreeBSD pruebazfs3 9.0-RC1 FreeBSD 9.0-RC1 #10: Fri Nov  4 10:32:41 UTC 2011     borjam@pruebazfs1:/usr/obj/rpool/newsrc/src/sys/GENERIC  amd64

Afaik you have to set the TCP-MD5 key with setkey (from 
security/ipsec-tools) on FreeBSD. Try removing your TCP-MD5 parameters 
from bgpd.conf.