Le Thu, 6 Sep 2012 20:46:53 +0530, SivaReddy Obili <[email protected]> a écrit :
Hello, > Recently I've downloaded the FreeBSD 8.3 Release ISO Image > (FreeBSD-8.3-RELEASE-i386-dvd1 (1).iso) and installed in our machine. > Actually our requirement is to check the TCP MD5 support on > FreeBSD8.3 . > > But we were not able to configure BGP MD5 on that machine. I've used TCP-MD5 signature for bgp between a FreeBSD 8.x and OpenBSD, using setkey(8) to enforce the signature between the peers. That worked (of course, then you shouldn't use tcp-md5 in openbgd). setkey(8): add -4 peer1 peer2 tcp 0x1000 -A tcp-md5 "PASSWORD"; add -4 peer2 peer1 tcp 0x1000 -A tcp-md5 "PASSWORD"; kernconf: # In order to enable IPSEC you MUST also add device crypto to # your kernel configuration options IPSEC #IP security (requires device crypto) device crypto options TCP_SIGNATURE #include support for RFC 2385 You should check that the signature is checked (ie if the signature is bad, bgpd rejects the connection), I've not test this. HTH. Regards. _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[email protected]"
