RFC 2385 TCP MD5 support on FreeBSD8.3

SivaReddy Obili sivareddy.obili at gmail.com
Mon Sep 10 15:35:32 UTC 2012


Thank you very much for the quick reply.
Can you please point me to the link where I can download the /usr/src
tarball to download the code.

Thank you again.


On Thu, Sep 6, 2012 at 9:00 PM, Patrick Lamaiziere <patfbsd at davenulle.org> wrote:

> On Thu, 6 Sep 2012 20:46:53 +0530,
> SivaReddy Obili <sivareddy.obili at gmail.com> wrote:
>
> Hello,
>
> > Recently I've downloaded the FreeBSD 8.3 Release ISO image
> > (FreeBSD-8.3-RELEASE-i386-dvd1 (1).iso) and installed it on our machine.
> > Actually our requirement is to check the TCP MD5 support on
> > FreeBSD 8.3.
> >
> > But we were not able to configure BGP MD5 on that machine.
>
> I've used TCP-MD5 signature for BGP between a FreeBSD 8.x and OpenBSD,
> using setkey(8) to enforce the signature between the peers. That
> worked (of course, then you shouldn't use tcp-md5 in openbgpd).
>
> setkey(8):
> add -4 peer1 peer2 tcp 0x1000 -A tcp-md5 "PASSWORD";
> add -4 peer2 peer1 tcp 0x1000 -A tcp-md5 "PASSWORD";
>
> kernconf:
> # In order to enable IPSEC you MUST also add device crypto to
> # your kernel configuration
> options IPSEC  #IP security (requires device crypto)
> device  crypto
> options TCP_SIGNATURE #include support for RFC 2385
>
> You should check that the signature is checked (i.e. if the signature is
> bad, bgpd rejects the connection), I've not tested this.
>
> HTH.
> Regards.
>
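
For the check suggested in the quoted reply (confirming that segments really carry a valid signature), the following is an added example, not part of the thread or of FreeBSD: it recomputes the RFC 2385 digest for a captured IPv4 TCP segment and compares it with the value in option 19. The addresses, ports, function names and the sample SYN are constructed assumptions; the key "PASSWORD" is the placeholder from the setkey lines above.

```python
import hashlib
import hmac
import socket
import struct

TCPOPT_MD5SIG = 19  # RFC 2385 option kind; total option length is 18

def find_md5_option(tcp_header):
    """Return the 16-byte digest carried in option 19, or None."""
    opts = tcp_header[20:(tcp_header[12] >> 4) * 4]
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                      # end of option list
            break
        if kind == 1:                      # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            return None                    # truncated or malformed option
        if kind == TCPOPT_MD5SIG and opts[i + 1] == 18:
            return opts[i + 2:i + 18]
        i += opts[i + 1]
    return None

def rfc2385_digest(src, dst, tcp_header, payload, key):
    """MD5 over pseudo-header, option-less header (checksum 0), data, key."""
    seg_len = (tcp_header[12] >> 4) * 4 + len(payload)
    pseudo = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, seg_len)
    fixed = tcp_header[:16] + b"\x00\x00" + tcp_header[18:20]
    return hashlib.md5(pseudo + fixed + payload + key).digest()

def signature_ok(src, dst, tcp_header, payload, key):
    """True only if option 19 is present and matches the digest for key."""
    carried = find_md5_option(tcp_header)
    if carried is None:
        return False
    return hmac.compare_digest(carried, rfc2385_digest(src, dst, tcp_header, payload, key))

def build_signed_syn(src, dst, key):
    """Constructed sample: a SYN to port 179 with NOP, NOP, option 19."""
    fixed = struct.pack("!HHIIBBHHH", 49152, 179, 1000, 0, 10 << 4, 0x02, 65535, 0, 0)
    placeholder = fixed + b"\x01\x01\x13\x12" + bytes(16)
    digest = rfc2385_digest(src, dst, placeholder, b"", key)
    return fixed + b"\x01\x01\x13\x12" + digest

SRC, DST = "192.0.2.1", "192.0.2.2"        # documentation addresses (assumed)
SYN = build_signed_syn(SRC, DST, b"PASSWORD")
```

A segment with no option 19 returns False rather than being treated as acceptable, which is the behaviour to confirm on the real peers as well.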

