From: "Patrik Forsberg" <patrik.forsberg@dataphone.net>
Delivered-To: freebsd-isp@freebsd.org
Date: Tue, 4 Apr 2006 15:54:43 +0200
Subject: TCP-MD5

Hi,

I've had TCP-MD5 working on an old FreeBSD 4.x, it crashed and I've reinstalled a FreeBSD 6.x now. Everything is working fine except the TCP-MD5 part. I am using it for Quagga BGP-MD5. All peers I'm trying to talk to say that my key is invalid; even though I set it up on a machine I control myself and copy-paste the key in, the peer says the key is invalid.

Has the syntax changed on how to set this up?

I've compiled the kernel with

    FAST_IPSEC
    TCP_SIGNATURE
    device crypto
    device cryptodev

and added QUAGGA_MD5_SIGNATURE (or whatever it is called) to the configuration of Quagga but still receive the same result.

When I run "setkey -D" it shows me a dump of the peers, as expected, and from what I can tell it is correct. I do receive a lot of errors like "tcp_signature_compute: SADB lookup failed for " even though the key is valid. I've tried compiling the kernel with "IPSEC" and not "FAST_IPSEC" too but with the same result.

My "setkey -D" dump looks somewhat like this:

    tcp mode=any spi=4096(0x00001000) reqid=0(0x00000000)
    A: tcp-md5 xxxxxxxx xxxxxx
    seq=0x00000000 replay=0 flags=0x00000040 state=mature
    created: Apr 4 13:57:36 2006 current: Apr 4 15:47:20 2006
    diff: 6584(s) hard: 0(s) soft: 0(s)
    last: Apr 4 15:14:30 2006 hard: 0(s) soft: 0(s)
    current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
    allocated: 64 hard: 0 soft: 0
    sadb_seq=0 pid=xxxxx refcnt=1

(Some information has been overwritten with "x".)

"setkey -DP" gives me "No SPD entries." which is probably as it should be.

My "/etc/ipsec.conf" configuration file looks something like this:

    flush ;
    add -4 tcp 0x1000 -A tcp-md5 "" ;

And in my Quagga configuration it has a "neighbor password " entry.

--
Best regards,
Patrik