Re: FreeBSD 5.4 - TCP MD5

From: Jonathan Noack (noackjr_at_alumni.rice.edu)
Date: 05/26/05

  • Next message: Lee Johnston: "Re: FreeBSD 5.4 - TCP MD5"
    Date: Thu, 26 May 2005 13:47:31 -0500
    To: Lee Johnston <lee@wildcard.net.uk>
    
    
    

    On 05/26/05 11:32, Lee Johnston wrote:
    > At 17:27 26/05/2005, Kris Kennaway wrote:
    >> On Thu, May 26, 2005 at 05:22:47PM +0100, Lee Johnston wrote:
    >> > Hi,
    >> >
    >> > I'm trying to configure a 5.4 box with Quagga to support TCP MD5 Passwords.
    >> > I've achieved this previously with 4.10, but when I try to add the
    >> > following kernel options, 5.4 doesn't like it:
    >> >
    >> > options FAST_IPSEC
    >> > options crypto
    >> > options TCP_MD5
    >> >
    >> > config gives:
    >> > VENUS: unknown option "TCP_MD5"
    >> >
    >> >
    >> > I have this in /etc/ipsec.conf
    >> >
    >> > add 192.168.1.1 192.168.1.2 tcp 0x1000 -A tcp-md5 "[password]";
    >> >
    >> > setkey -f /etc/ipsec.conf gives:
    >> > pfkey_open: Protocol not supported
    >> >
    >> >
    >> > What is the correct way for enabling TCP MD5 signatures on 5.4?
    >>
    >> When in doubt, check the two NOTES files.
    >
    > Thanks for your reply.. I've checked /usr/src/sys/i386/conf/NOTES but
    > can't see any mention of the options anymore.. Any other ideas?

    So that was one of the NOTES files, what about the other? Kris said to
    check the *two* NOTES files...

    $ grep MD5 /sys/i386/conf/NOTES /sys/conf/NOTES
    /sys/conf/NOTES:# TCP_SIGNATURE adds support for RFC 2385 (TCP-MD5) digests. These are
    /sys/conf/NOTES:# This is enabled on a per-socket basis using the TCP_MD5SIG socket option.

    -- 
    Jonathan Noack | noackjr@alumni.rice.edu | OpenPGP: 0x991D8195
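
Added example, not part of the original message and not FreeBSD or Quagga code: how the RFC 2385 (TCP-MD5) digest named in the NOTES output above is computed by the sender and checked by the receiver. The function names, key, ports and sample segment are constructed for illustration; the two addresses are the ones from the quoted ipsec.conf line.

```python
import hashlib
import hmac
import socket
import struct

TCPOPT_MD5 = 19  # TCP option kind that carries the 16-byte digest


def rfc2385_digest(src_ip, dst_ip, segment, key):
    """MD5 over the four inputs RFC 2385 lists, in that order."""
    header_len = (segment[12] >> 4) * 4  # data offset field, in bytes
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad TCP data offset")
    # 1. IPv4 pseudo-header: source, destination, zero, protocol 6, length
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, 6, len(segment)))
    # 2. Fixed 20-byte TCP header: options excluded, checksum taken as zero
    fixed = segment[:16] + b"\x00\x00" + segment[18:20]
    # 3. Segment data, 4. the shared key both peers were configured with
    return hashlib.md5(pseudo + fixed + segment[header_len:] + key).digest()


def sign_segment(src_ip, dst_ip, sport, dport, seq, payload, key):
    """Build a constructed segment (checksum left zero) with option 19 set."""
    # 20-byte header + 20 bytes of options gives a data offset of 10 words
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, 0,
                         10 << 4, 0x18, 65535, 0, 0)
    digest = rfc2385_digest(src_ip, dst_ip, header + bytes(20) + payload, key)
    option = bytes([TCPOPT_MD5, 18]) + digest + b"\x01\x01"  # pad with 2 NOPs
    return header + option + payload


def verify_segment(src_ip, dst_ip, segment, key):
    """Receiver side: recompute the digest and compare it with option 19."""
    opts, i = segment[20:(segment[12] >> 4) * 4], 0
    while i + 1 < len(opts) and opts[i] != 0:  # kind 0 ends the option list
        if opts[i] == 1:  # kind 1 is a single-byte NOP
            i += 1
            continue
        length = opts[i + 1]
        if length < 2:
            return False  # malformed option
        if opts[i] == TCPOPT_MD5 and length == 18:
            expected = rfc2385_digest(src_ip, dst_ip, segment, key)
            return hmac.compare_digest(opts[i + 2:i + 18], expected)
        i += length
    return False  # unsigned segment: a peer that requires signatures drops it
```

Because the addresses and the key both feed the digest, a segment with a spoofed source, a modified payload or the wrong password fails verification, which is why both peers must be configured with the same key.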
    
    


