Date: Thu, 06 Sep 2012 11:31:08 -0400
From: Mike Tancsa <mike@sentex.net>
To: SivaReddy Obili <sivareddy.obili@gmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: RFC 2385 TCP MD5 support on FreeBSD8.3
Message-ID: <5048C1BC.3030001@sentex.net>
In-Reply-To: <CAFtSE5eWYk%2BZ_2DJdS_yvFsx9OgLUJoYx1FBvSSG9%2BMTOv1poQ@mail.gmail.com>
References: <CAFtSE5eWYk%2BZ_2DJdS_yvFsx9OgLUJoYx1FBvSSG9%2BMTOv1poQ@mail.gmail.com>

On 9/6/2012 11:16 AM, SivaReddy Obili wrote:
>
> But we were not able to configure BGP MD5 on that machine.

Perhaps you could post some details as to what you tried. Did you
recompile the kernel with MD5 support?

In the kernel, you need

options         TCP_SIGNATURE
options         IPSEC
device          crypto

If you have not built a custom kernel,

cd /usr/src/sys/i386/conf
cp GENERIC router

in the file router,

options         TCP_SIGNATURE
options         IPSEC
device          crypto

in /etc/make.conf add

KERNCONF=router

cd /usr/src
make -j4 buildkernel && make installkernel

Then, in /etc/ipsec.conf add something like

#.18 is the local machine, .29 the remote machine
add 192.168.134.18 192.168.134.29 tcp 0x1000 -A tcp-md5 "HelloMD5" ;

add to /etc/rc.conf

ipsec_enable="YES"              # Set to YES to run setkey on ipsec_file
ipsec_file="/etc/ipsec.conf"    # Name of config file for setkey

cd to /usr/ports/net/quagga and make install

in your bgp config, the peer needs a line like

 neighbor 192.168.134.29 password HelloMD5

        ---Mike

--
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada   http://www.tancsa.com/
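
A consistency check for the setup described in the message above, as an added example that is not part of the original e-mail: it reports any bgpd neighbor whose password has no tcp-md5 SA toward that peer in the setkey file, or whose SA key differs from the bgpd password. The function names, AS 64512, and the .30 and .31 peers with their keys are constructed for illustration; keys are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example (not from the original message): cross-check tcp-md5 SAs in a
# setkey file against bgpd "neighbor ... password" lines. Keys: no whitespace.

# list_sas FILE: print "src dst key" for every tcp-md5 "add" entry.
list_sas() {
    awk '$1 == "add" && $4 == "tcp" {
        for (i = 5; i < NF; i++)
            if ($i == "-A" && $(i + 1) == "tcp-md5") {
                key = $(i + 2); gsub(/[";]/, "", key)
                print $2, $3, key
            }
    }' "$1"
}

# list_neighbors FILE: print "peer password" for every neighbor with a password.
list_neighbors() {
    awk '$1 == "neighbor" && $3 == "password" { print $2, $4 }' "$1"
}

# check_md5 IPSEC_CONF BGPD_CONF: one status line per neighbor, keys never printed.
check_md5() {
    sas=$(list_sas "$1")
    list_neighbors "$2" | while read -r peer pw; do
        sakey=$(printf '%s\n' "$sas" | awk -v p="$peer" '$2 == p { print $3; exit }')
        if [ -z "$sakey" ]; then echo "MISSING $peer"
        elif [ "$sakey" = "$pw" ]; then echo "OK $peer"
        else echo "MISMATCH $peer"
        fi
    done
}

# make_sample DIR: constructed sample files; the first SA and neighbor are the
# ones from the message, the remaining entries are made up for the demo.
make_sample() {
    cat > "$1/ipsec.conf" <<'EOF'
add 192.168.134.18 192.168.134.29 tcp 0x1000 -A tcp-md5 "HelloMD5" ;
add 192.168.134.18 192.168.134.30 tcp 0x1000 -A tcp-md5 "OtherKey" ;
EOF
    cat > "$1/bgpd.conf" <<'EOF'
router bgp 64512
 neighbor 192.168.134.29 password HelloMD5
 neighbor 192.168.134.30 password Typo
 neighbor 192.168.134.31 password NoSA
EOF
}

d=$(mktemp -d) && make_sample "$d" && check_md5 "$d/ipsec.conf" "$d/bgpd.conf"
rm -rf "$d"
```

Both files hold the shared key in cleartext, so restrict their permissions accordingly.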