Openbgpd TCP-MD5
Hello,

Seemingly you don't have RFC 2385 support in your kernel; from /usr/src/sys/conf/NOTES:

# TCP_SIGNATURE adds support for RFC 2385 (TCP-MD5) digests. These are
# carried in TCP option 19. This option is commonly used to protect
# TCP sessions (e.g. BGP) where IPSEC is not available nor desirable.
# This is enabled on a per-socket basis using the TCP_MD5SIG socket option.
# This requires the use of 'device crypto', 'options FAST_IPSEC' or 'options
# IPSEC', and 'device cryptodev'.
#options TCP_SIGNATURE #include support for RFC 2385

Regards,
--
Sergey Alexanov
SA1215-RIPE
[EMAIL PROTECTED]
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Openbgpd TCP-MD5
Hello,

Does anyone know if TCP-MD5 is working with OpenBGP on FreeBSD?

I've got a FreeBSD 6.1 system (6.1-RELEASE-p5) on which I've tried both openbgpd and openbgpd-devel. The system has a test session now with a Cisco 3750 equipment. On the OpenBGPD machine I have set up the Cisco neighbor with the tcp md5sig password option. On the Cisco machine I have set up the OpenBGPD neighbor with the password option.

Upon starting the session the OpenBGPD machine reported pfkey setup failed. I used setkey to add the following (after adding FAST_IPSEC and TCP-MD5 in the kernel):

add ip-openbgpd ip-cisco-bgp tcp 0x1000 -A tcp-md5 "password I used";

On the Cisco device, if I issue a show logg, I can see:

%TCP-6-BADAUTH: No MD5 digest from ip-openbgpd(179) to ip-cisco(15581) (RST)

Also, the OpenBGPD FreeBSD system displays:

kernel: tcp_signature_compute: SADB lookup failed for ip-cisco

Help wanted :) if possible

Thanks,
Mihai