Interesting.
Would you happen to know where I could obtain sources to their version
of OpenBGPD, then?
Thanks!
On 9/21/2014 午後 07:35, Ermal Luçi wrote:
On Sun, Sep 21, 2014 at 12:31 PM, Paul S. <cont...@winterei.se
<mailto:cont...@winterei.se>> wrote:
Ermal,
I'd prefer a raw BSD installation (Call it a comfort thing, if you
will).
Has the pfSense project actually managed to patch OpenBGPD to
remove its dependency on OpenBSD specific bindings for TCP_MD5?
It might be worth it to just try to build their fork, if that's
the case.
Thank you for responding!
Yeah OpenBGPd port of pfSense has the support for installing SPDs
without setkey.
On 9/21/2014 午後 07:26, Ermal Luçi wrote:
If for you is an option pfSense has all the hard work done for
you and you can use it for such installations.
On Sun, Sep 21, 2014 at 12:08 PM, Paul S. <cont...@winterei.se
<mailto:cont...@winterei.se>> wrote:
Hi folks,
I plan to make an edge router out of a freebsd system with
OpenBGPD + FreeBSD 10, or such.
I've been reading up, and noticed that the
net.inet.ip.fastforwarding flag provides rather nice
performance benefits.
My issue is, my upstream networks insist on using TCP MD5
authentication on their BGP sessions.
This is fine, except on FreeBSD -- I'm going to have to use
the setkey utility to set those since native PF_KEY support
for OpenBGPD does not seem available.
Now, since setkey is part of IPSec, and there are countless
warnings about using IPSec and fastforwarding together in the
manpage, am I correct in assuming that this will not work if
I have fastforwarding enabled?
Is there any way to make it work? Quagga, from what I've
read, seems to also be in the same boat (Usage of setkey
required for TCP MD5).
I tried searching the manpages, but couldn't locate anything
concrete on this.
Any assistance/replies are welcome.
Thank you!
_______________________________________________
freebsd-net@freebsd.org <mailto:freebsd-net@freebsd.org>
mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to
"freebsd-net-unsubscr...@freebsd.org
<mailto:freebsd-net-unsubscr...@freebsd.org>"
--
Ermal
--
Ermal
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"