RFC 2385 TCP MD5 support on FreeBSD8.3

Patrick Lamaiziere patfbsd at davenulle.org
Thu Sep 6 15:30:36 UTC 2012

On Thu, 6 Sep 2012 20:46:53 +0530,
SivaReddy Obili <sivareddy.obili at gmail.com> wrote:


> Recently I've downloaded the FreeBSD 8.3 Release ISO Image
> (FreeBSD-8.3-RELEASE-i386-dvd1 (1).iso) and installed it on our machine.
> Actually our requirement is to check the TCP MD5 support on
> FreeBSD 8.3.
> But we were not able to configure BGP MD5 on that machine.

I've used TCP-MD5 signatures for BGP between a FreeBSD 8.x and OpenBSD,
using setkey(8) to enforce the signature between the peers. That
worked (of course, then you shouldn't use tcp-md5 in openbgpd).

add -4 peer1 peer2 tcp 0x1000 -A tcp-md5 "PASSWORD";
add -4 peer2 peer1 tcp 0x1000 -A tcp-md5 "PASSWORD";

# In order to enable IPSEC you MUST also add device crypto to 
# your kernel configuration
options IPSEC  #IP security (requires device crypto)
device  crypto
options TCP_SIGNATURE #include support for RFC 2385

You should check that the signature is checked (i.e. if the signature is
bad, bgpd rejects the connection); I've not tested this.
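
Added example, not part of the original message: one way to check offline whether a captured BGP segment carries a valid RFC 2385 signature is to recompute the digest (pseudo-header, TCP header without options and with a zero checksum, segment data, then the key) and compare it with TCP option 19. The function names, addresses, ports and the sample segment are constructed for illustration.

```python
import hashlib, hmac, socket, struct

TCPOPT_EOL, TCPOPT_NOP, TCPOPT_MD5 = 0, 1, 19   # kind 19 = RFC 2385 signature

def find_md5_option(segment):
    """Return the 16-byte digest from TCP option 19, or None if absent."""
    hlen = (segment[12] >> 4) * 4                # data offset, in bytes
    if hlen < 20 or hlen > len(segment):
        raise ValueError("bad TCP data offset")
    opts, i = segment[20:hlen], 0
    while i < len(opts):
        kind = opts[i]
        if kind == TCPOPT_EOL:
            break
        if kind == TCPOPT_NOP:
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option")
        if kind == TCPOPT_MD5 and opts[i + 1] == 18:
            return opts[i + 2:i + 18]
        i += opts[i + 1]
    return None

def rfc2385_digest(src, dst, segment, key):
    """MD5 over pseudo-header, option-less header (checksum 0), data, key."""
    hlen = (segment[12] >> 4) * 4
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment)))
    fixed = segment[:16] + b"\x00\x00" + segment[18:20]
    return hashlib.md5(pseudo + fixed + segment[hlen:] + key).digest()

def signature_ok(src, dst, segment, key):
    """True only if option 19 is present and matches the recomputed digest."""
    carried = find_md5_option(segment)
    expected = rfc2385_digest(src, dst, segment, key)
    return carried is not None and hmac.compare_digest(carried, expected)

def build_signed_syn(src, dst, key):
    """Constructed sample input: a SYN to port 179 signed with `key`."""
    hdr = struct.pack("!HHIIBBHHH", 40000, 179, 1, 0, 10 << 4, 0x02, 65535, 0, 0)
    opt = bytes([TCPOPT_NOP, TCPOPT_NOP, TCPOPT_MD5, 18])
    return hdr + opt + rfc2385_digest(src, dst, hdr + opt + bytes(16), key)

if __name__ == "__main__":
    a, b = "192.0.2.1", "192.0.2.2"              # RFC 5737 documentation addresses
    seg = build_signed_syn(a, b, b"PASSWORD")
    print("right key:", signature_ok(a, b, seg, b"PASSWORD"))
    print("wrong key:", signature_ok(a, b, seg, b"WRONG"))
```

A segment with no option 19 at all also returns False from `signature_ok`, which is the case to look for when confirming that unsigned connections are refused.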

