-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 fredrik danerklint wrote:
Hi!
The manual page says:
password string Use this password for MD5 authentication of BGP sessions. Default: no authentication. Password has to be set by external utility (e.g. setkey(8)) on BSD systems.
Can someone provide me with an example of how that does work?
Presently you need to add options TCP_SIGNATURE options IPSEC device crypto to your kernel configuration After that, TCP MD5 can be configured on per-host basis: 9:55 [1] zfscurr0# echo add 10.0.0.92 10.0.0.5 tcp 0x1000 -A tcp-md5 \"secret\" \; | setkey -c 9:55 [1] zfscurr0# setkey -D 10.0.0.92 10.0.0.5 tcp mode=any spi=4096(0x00001000) reqid=0(0x00000000) A: tcp-md5 73656372 6574 seq=0x00000000 replay=0 flags=0x00000040 state=mature created: Aug 22 09:55:06 2011 current: Aug 22 09:55:12 2011 diff: 6(s) hard: 0(s) soft: 0(s) last: hard: 0(s) soft: 0(s) current: 0(bytes) hard: 0(bytes) soft: 0(bytes) allocated: 0 hard: 0 soft: 0 sadb_seq=0 pid=1005 refcnt=1 Please see setkey(8) for more information -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk5R74sACgkQwcJ4iSZ1q2nQBwCggHj3/NUKoQ6wvSBfQHcKnHAX 6D8AoKBwKBA8fvHGZDBZ3IrT8+kIduqr =14zM -----END PGP SIGNATURE-----