Date: Mon, 10 Sep 2012 21:05:30 +0530 From: SivaReddy Obili <sivareddy.obili@gmail.com> To: Patrick Lamaiziere <patfbsd@davenulle.org> Cc: freebsd-questions@freebsd.org Subject: Re: RFC 2385 TCP MD5 support on FreeBSD8.3 Message-ID: <CAFtSE5cq1-vtQA_2qBfwxpFD2JVzD-Re6qfyR-AFhA%2BWfO%2BUPg@mail.gmail.com> In-Reply-To: <20120906173028.4448600f@mr129166> References: <CAFtSE5eWYk%2BZ_2DJdS_yvFsx9OgLUJoYx1FBvSSG9%2BMTOv1poQ@mail.gmail.com> <20120906173028.4448600f@mr129166>
next in thread | previous in thread | raw e-mail | index | archive | help
Thank you very much for the quick reply. Can you please point me to the link where I can download the /usr/src tarball to download the code. Thank you again. On Thu, Sep 6, 2012 at 9:00 PM, Patrick Lamaiziere <patfbsd@davenulle.org>w= rote: > Le Thu, 6 Sep 2012 20:46:53 +0530, > SivaReddy Obili <sivareddy.obili@gmail.com> a =E9crit : > > Hello, > > > Recently I've downloaded the FreeBSD 8.3 Release ISO Image > > (FreeBSD-8.3-RELEASE-i386-dvd1 (1).iso) and installed in our machine. > > Actually our requirement is to check the TCP MD5 support on > > FreeBSD8.3 . > > > > But we were not able to configure BGP MD5 on that machine. > > I've used TCP-MD5 signature for bgp between a FreeBSD 8.x and OpenBSD, > using setkey(8) to enforce the signature between the peers. That > worked (of course, then you shouldn't use tcp-md5 in openbgd). > > setkey(8): > add -4 peer1 peer2 tcp 0x1000 -A tcp-md5 "PASSWORD"; > add -4 peer2 peer1 tcp 0x1000 -A tcp-md5 "PASSWORD"; > > kernconf: > # In order to enable IPSEC you MUST also add device crypto to > # your kernel configuration > options IPSEC #IP security (requires device crypto) > device crypto > options TCP_SIGNATURE #include support for RFC 2385 > > You should check that the signature is checked (ie if the signature is > bad, bgpd rejects the connection), I've not test this. > > HTH. > Regards. >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAFtSE5cq1-vtQA_2qBfwxpFD2JVzD-Re6qfyR-AFhA%2BWfO%2BUPg>