1551944a2SBjoern A. Zeeb 2551944a2SBjoern A. ZeebTo test tcp-md5 do: 3551944a2SBjoern A. Zeeb 4551944a2SBjoern A. Zeeb* compile and install kernel with TCP_SIGNATURE support 5551944a2SBjoern A. Zeeb 6551944a2SBjoern A. Zeeb* add this to /etc/ipsec.conf (the md5 'secret' is just a sample) 7551944a2SBjoern A. Zeeb add 127.0.0.1 127.0.0.1 tcp 0x1000 -A tcp-md5 "0e3a9ac42ceca8260f1d6fbc46a9707c"; 8551944a2SBjoern A. Zeeb 9551944a2SBjoern A. Zeeb* enable it in /etc/rc.conf with 10551944a2SBjoern A. Zeeb ipsec_enable="YES" 11551944a2SBjoern A. Zeeb and apply it with sh /etc/rc.d/ipsec start 12551944a2SBjoern A. Zeeb 13551944a2SBjoern A. Zeeb [ off course you can also manually add it using setkey(8) ] 14551944a2SBjoern A. Zeeb 15551944a2SBjoern A. Zeeb* compile tcpconnect in here running: 16551944a2SBjoern A. Zeeb make 17551944a2SBjoern A. Zeeb 18551944a2SBjoern A. Zeeb* start tcpdump (secret as above, port is just a sample): 19551944a2SBjoern A. Zeeb tcpdump -l -n -i lo0 -s 0 -M "0e3a9ac42ceca8260f1d6fbc46a9707c" tcp and port 2345 20551944a2SBjoern A. Zeeb 21551944a2SBjoern A. Zeeb* run the server (use same port as given to tcpdump): 22551944a2SBjoern A. Zeeb ./tcpconnect server 2345 23551944a2SBjoern A. Zeeb 24551944a2SBjoern A. Zeeb* run the client (use same port as given to tcpdump): 25551944a2SBjoern A. Zeeb ./tcpconnect client 127.0.0.1 2345 1 tcpmd5 26551944a2SBjoern A. Zeeb 27551944a2SBjoern A. Zeeb* check tcpdump output 28551944a2SBjoern A. Zeeb 29551944a2SBjoern A. Zeeb# end 30