Leo,
Thanks for answer.
As for 11.1 IPSEC is already enabled in GENERIC, so I had to add only
TCP_SIGNATURE.
After I'd installed new kernel, BGP auth started working without adding
ipsec-related stuff to rc.conf or altering setkey.conf
> On 23 Mar 2018, at 15:37, Leo Vandewoestijne wrote:
On Fri, 23 Mar 2018, Peter Andreev wrote:
> Is it still necessary to build custom kernel to get md5 auth working?
>
I'm pretty sure, yes.
The only way I got it working in 11.1 i.c.w. 1.6.x was:
# kernel config
options IPSEC
options TCP_SIGNATURE
# /etc/rc.conf
ipsec_enable="YES"
ipsec_program="
Hi,
Is it still necessary to build custom kernel to get md5 auth working?
I got message "Error: Kernel MD5 auth failed” on FreeBSD 11.1 and bird 1.6.3.
--
Peter Andreev MSK-IX/RIPN
+7 (495) 737-0685DNS Network Operational Center
+7 (499) 192-9179
