On Fri, 4 Nov 2011 11:13:21 +0100, Borja Marcos <[email protected]> wrote:
> I'm testing a setup for OpenBGPd with FreeBSD 9-RC1 (amd64). For now
> I'm trying on two virtual machines. Using the stock GENERIC kernel it
> works, although of course it doesn't have TCP MD5 support, which I
> require.
>
> I've compiled new kernels with the TCP MD5 support (options IPSEC,
> device crypto and options TCP_SIGNATURE), and after installing it on
> both machines OpenBGPd no longer works. No matter if I try to
> configure the bgp sessions with TCP-MD5 or not, the sessions won't
> work.
>
> Any ideas? As far as I know, this should work. The daemon is
> complaining that there's no kernel support for pf_key.

Isn't there a new option to build openbgpd with tcp-md5 (and without
pf_key)?

I've used TCP-MD5 signature for bgp between a FreeBSD 8.x and OpenBSD,
using setkey(8) to enforce the signature between the peers. That worked
(of course, then you shouldn't use tcp-md5 in openbgpd).

setkey(8):

    add -4 peer1 peer2 tcp 0x1000 -A tcp-md5 "PASSWORD";
    add -4 peer2 peer1 tcp 0x1000 -A tcp-md5 "PASSWORD";

kernconf:

    # In order to enable IPSEC you MUST also add device crypto to
    # your kernel configuration
    options   IPSEC          #IP security (requires device crypto)
    device    crypto
    options   TCP_SIGNATURE  #include support for RFC 2385

Regards.
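Added example, not part of the original message and not FreeBSD or OpenBGPd code: a sketch of the RFC 2385 digest that TCP_SIGNATURE computes from the password given in the setkey(8) entries above, and of the check a receiving peer applies. It covers IPv4 only; the addresses, ports, payload and the helper names are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

MD5_KIND, MD5_LEN = 19, 18   # RFC 2385 option: kind, total length


def tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key):
    """RFC 2385 digest of one IPv4 segment (options are not signed)."""
    seg_len = (tcp_header[12] >> 4) * 4 + len(payload)   # header+options+data
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, seg_len))
    fixed = bytearray(tcp_header[:20])
    fixed[16:18] = b"\x00\x00"                           # checksum taken as zero
    return hashlib.md5(pseudo + bytes(fixed) + payload + key).digest()


def build_header(src_ip, dst_ip, sport, dport, seq, payload, key):
    """Constructed 40-byte header: 20 fixed + NOP NOP + 18-byte MD5 option."""
    fixed = struct.pack("!HHIIBBHHH", sport, dport, seq, 0,
                        10 << 4, 0x18, 65535, 0, 0)      # checksum left at 0
    digest = tcp_md5_digest(src_ip, dst_ip, fixed, payload, key)
    return fixed + b"\x01\x01" + bytes([MD5_KIND, MD5_LEN]) + digest


def verify(src_ip, dst_ip, tcp_header, payload, key):
    """True only if the header carries an MD5 option matching key."""
    opts = tcp_header[20:(tcp_header[12] >> 4) * 4]
    i = 0
    while i < len(opts) and opts[i] != 0:                # 0 = end of options
        if opts[i] == 1:                                 # NOP is one byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            return False                                 # malformed option
        if opts[i] == MD5_KIND and opts[i + 1] == MD5_LEN:
            want = tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key)
            return hmac.compare_digest(opts[i + 2:i + 18], want)
        i += opts[i + 1]
    return False                                         # unsigned: drop


if __name__ == "__main__":
    a, b, msg = "192.0.2.1", "192.0.2.2", b"constructed BGP payload"
    hdr = build_header(a, b, 49152, 179, 1, msg, b"PASSWORD")
    print(verify(a, b, hdr, msg, b"PASSWORD"), verify(a, b, hdr, msg, b"password"))
```

The digest covers the source and destination addresses, so a segment signed for one direction does not verify in the other, and a password mismatch on either peer makes every segment fail the check.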
