Date:      Thu, 26 May 2005 13:47:31 -0500
From:      Jonathan Noack <noackjr@alumni.rice.edu>
To:        Lee Johnston <lee@wildcard.net.uk>
Cc:        freebsd-net@freebsd.org, Kris Kennaway <kris@obsecurity.org>
Subject:   Re: FreeBSD 5.4 - TCP MD5
Message-ID:  <429619C3.5040302@alumni.rice.edu>
In-Reply-To: <6.1.0.6.0.20050526173136.01bb5bd8@mail.wildcardinternet.co.uk>
References:  <6.1.0.6.0.20050526171734.01a4a908@mail.wildcardinternet.co.uk>	<20050526162736.GA51533@xor.obsecurity.org> <6.1.0.6.0.20050526173136.01bb5bd8@mail.wildcardinternet.co.uk>

On 05/26/05 11:32, Lee Johnston wrote:
> At 17:27 26/05/2005, Kris Kennaway wrote:
>> On Thu, May 26, 2005 at 05:22:47PM +0100, Lee Johnston wrote:
>> > Hi,
>> >
>> > I'm trying to configure a 5.4 box with Quagga to support TCP MD5 Passwords.
>> > I've achieved this previously with 4.10, but when I try to add the
>> > following kernel options, 5.4 doesn't like it:
>> >
>> > options FAST_IPSEC
>> > options crypto
>> > options TCP_MD5
>> >
>> > config gives:
>> > VENUS: unknown option "TCP_MD5"
>> >
>> >
>> > I have this in /etc/ipsec.conf
>> >
>> > add 192.168.1.1 192.168.1.2 tcp 0x1000 -A tcp-md5 "[password]";
>> >
>> > setkey -f /etc/ipsec.conf gives:
>> > pfkey_open: Protocol not supported
>> >
>> >
>> > What is the correct way for enabling TCP MD5 signatures on 5.4?
>>
>> When in doubt, check the two NOTES files.
> 
> Thanks for your reply.. I've checked /usr/src/sys/i386/conf/NOTES but 
> can't see any mention of the options anymore.. Any other ideas?

So that was one of the NOTES files, what about the other?  Kris said to 
check the *two* NOTES files...

$ grep MD5 /sys/i386/conf/NOTES /sys/conf/NOTES
/sys/conf/NOTES:# TCP_SIGNATURE adds support for RFC 2385 (TCP-MD5) digests. These are
/sys/conf/NOTES:# This is enabled on a per-socket basis using the TCP_MD5SIG socket option.

-- 
Jonathan Noack | noackjr@alumni.rice.edu | OpenPGP: 0x991D8195
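
Added illustration, not part of the original message and not FreeBSD or Quagga code: what the RFC 2385 (TCP-MD5) digest named in the NOTES comment covers, computed and verified in Python for one IPv4 segment. The key, ports and sample SYN are constructed; function names are hypothetical.

```python
import hashlib
import hmac
import socket
import struct

TCPOPT_SIGNATURE, TCPOLEN_SIGNATURE = 19, 18  # RFC 2385 option kind, length

def tcp_md5_digest(src_ip, dst_ip, segment, key):
    """RFC 2385 digest of one IPv4 TCP segment (header + options + payload)."""
    if len(segment) < 20:
        raise ValueError("short TCP segment")
    hdr_len = (segment[12] >> 4) * 4
    if not 20 <= hdr_len <= len(segment):
        raise ValueError("bad TCP data offset")
    # 1. pseudo-header: source, destination, zero, protocol, TCP length
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment)))
    # 2. fixed 20-byte header, options excluded, checksum field zeroed
    fixed = segment[:16] + b"\x00\x00" + segment[18:20]
    # 3. payload, then 4. the shared key
    return hashlib.md5(pseudo + fixed + segment[hdr_len:] + key).digest()

def carried_digest(segment):
    """Digest bytes from option 19, or None (segment must be >= 20 bytes)."""
    i, end = 20, min((segment[12] >> 4) * 4, len(segment))
    while i < end and segment[i] != 0:          # 0 = end of option list
        if segment[i] == 1:                     # NOP is a single byte
            i += 1
            continue
        if i + 1 >= end or segment[i + 1] < 2 or i + segment[i + 1] > end:
            return None                         # malformed option list
        if segment[i] == TCPOPT_SIGNATURE and segment[i + 1] == TCPOLEN_SIGNATURE:
            return segment[i + 2:i + 18]
        i += segment[i + 1]
    return None

def verify(src_ip, dst_ip, segment, key):
    """True only if option 19 is present and matches the recomputed digest."""
    want = tcp_md5_digest(src_ip, dst_ip, segment, key)  # validates lengths
    got = carried_digest(segment)
    return got is not None and hmac.compare_digest(got, want)

def build_signed_syn(src_ip, dst_ip, key):
    """Constructed sample: a SYN to port 179 carrying NOP, NOP, option 19."""
    hdr = struct.pack("!HHIIBBHHH", 49152, 179, 1000, 0, 10 << 4, 0x02, 65535, 0, 0)
    opts = bytes([1, 1, TCPOPT_SIGNATURE, TCPOLEN_SIGNATURE])
    digest = tcp_md5_digest(src_ip, dst_ip, hdr + opts + bytes(16), key)
    return hdr + opts + digest
```

Because the options and the checksum field are left out of the hash, the digest can be computed before either is filled in; the addresses, ports, sequence numbers and payload are all bound to the key.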