> You are setting the keys with setkey for both directions of a single session, 
> right?
> i.e.:
>  
>   add X.X.X.X Y.Y.Y.Y tcp 0x1000 -A tcp-md5 "SomePass";
>   add Y.Y.Y.Y X.X.X.X tcp 0x1000 -A tcp-md5 "SomePass";
> 
> As before it was only needed to set the "outgoing" direction key, which 
> should not work anymore unless 
> net.inet.tcp.signature_verify_input is zero.

Are you sure? I have net.inet.tcp.signature_verify_input = 1 and only
one line in /etc/ipsec.conf for each BGP session using MD5 keys, on
8.2-STABLE.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
