FreeBSD 5.4 - TCP MD5
Jonathan Noack
noackjr at alumni.rice.edu
Thu May 26 11:47:41 PDT 2005
On 05/26/05 11:32, Lee Johnston wrote:
> At 17:27 26/05/2005, Kris Kennaway wrote:
>> On Thu, May 26, 2005 at 05:22:47PM +0100, Lee Johnston wrote:
>> > Hi,
>> >
>> > I'm trying to configure a 5.4 box with Quagga to support TCP MD5
>> Passwords.
>> > I've achieved this previously with 4.10, but when I try to add the
>> > following kernel options, 5.4 doesn't like it:
>> >
>> > options FAST_IPSEC
>> > options crypto
>> > options TCP_MD5
>> >
>> > config gives:
>> > VENUS: unknown option "TCP_MD5"
>> >
>> >
>> > I have this in /etc/ipsec.conf
>> >
>> > add 192.168.1.1 192.168.1.2 tcp 0x1000 -A tcp-md5 "[password]";
>> >
>> > setkey -f /etc/ipsec.conf gives:
>> > pfkey_open: Protocol not supported
>> >
>> >
>> > What is the correct way for enabling TCP MD5 signatures on 5.4?
>>
>> When in doubt, check the two NOTES files.
>
> Thanks for your reply.. I've checked /usr/src/sys/i386/conf/NOTES but
> can't see any mention of the options anymore.. Any other ideas?
So that was one of the NOTES files, what about the other? Kris said to
check the *two* NOTES files...
$ grep MD5 /sys/i386/conf/NOTES /sys/conf/NOTES
/sys/conf/NOTES:# TCP_SIGNATURE adds support for RFC 2385 (TCP-MD5)
digests. These are
/sys/conf/NOTES:# This is enabled on a per-socket basis using the
TCP_MD5SIG socket option.
--
Jonathan Noack | noackjr at alumni.rice.edu | OpenPGP: 0x991D8195
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20050526/fe19e1b1/signature.bin
More information about the freebsd-net
mailing list