Installing tcpcrypt on FreeBSD


Enable ipfw and divert sockets, if you haven't already (reboot required):

echo 'firewall_enable="YES"' >> /etc/rc.conf
echo 'firewall_type="open"' >> /etc/rc.conf
echo 'ipfw_load="YES"' >> /boot/loader.conf
echo 'ipdivert_load="YES"' >> /boot/loader.conf

Tcpcrypt also requires OpenSSL >= 0.9.8, which is provided by the security/openssl port.


cd tcpcrypt

Optional: running make install will install libtcpcrypt and tcpcrypt headers, for building apps that use tcpcrypt's session ID.


The launch script starts tcpcryptd and sets up your firewall to send port 80 and 7777 packets through tcpcrypt:


With tcpcryptd running, open to try it out.

See launchers/freebsd for a FreeBSD rc script that loads tcpcryptd on system startup.

More info

See the included README.markdown file for more ways to try out tcpcrypt and for troubleshooting help.

Firewall setup

The included script sets up reasonable firewall rules, but for more complex setups, add your own divert rules.

For example, this will divert all TCP packets to tcpcryptd (on divert port 666), and it will be rule #1.

ipfw add 01 divert 666 tcp from any to any

It's important that tcpcrypt divert rules are high on the list since tcpcryptd modifies the packet quite a lot, including sequence numbers, so other items (e.g., natd) may get confused if tcpcryptd doesn't do its magic first.
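
One way to check this ordering on a running system, as an added example (not part of the tcpcrypt distribution): the function below reads `ipfw list` output and confirms that the divert rule for tcpcryptd's port is evaluated before any other divert rule. The function name and the sample rulesets, including a natd-style rule on divert port 8668, are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit divert-rule ordering for tcpcryptd.
# On a live FreeBSD host:  ipfw list | check_divert_order 666

# check_divert_order PORT   (hypothetical helper, not shipped with tcpcrypt)
#   Reads `ipfw list` output on stdin; ipfw prints rules in evaluation order.
#   Assumes the action keyword directly follows the rule number
#   (no "set N" or "prob" prefix on the divert rules).
#   Returns 0 if the first divert rule in the list targets PORT,
#           1 if some other divert rule is evaluated first,
#           2 if there is no divert rule for PORT at all.
check_divert_order() {
    awk -v port="${1:-666}" '
        $2 == "divert" {
            if ($3 == port) { if (!tc) tc = NR }
            else if (!other) { other = NR; other_rule = $0 }
        }
        END {
            if (!tc) { print "no divert rule for port " port; exit 2 }
            if (other && other < tc) {
                print "evaluated before tcpcryptd: " other_rule
                exit 1
            }
            print "ok: tcpcryptd divert is the first divert rule"
        }'
}

# Constructed sample rulesets (not captured from a real host).
SAMPLE_GOOD='00001 divert 666 tcp from any to any
00050 divert 8668 ip from any to any via em0
65535 allow ip from any to any'

SAMPLE_BAD='00050 divert 8668 ip from any to any via em0
00100 divert 666 tcp from any to any
65535 allow ip from any to any'

SAMPLE_NONE='00100 allow ip from any to any via lo0
65535 allow ip from any to any'

# Demo run over the constructed samples.
for sample in "$SAMPLE_GOOD" "$SAMPLE_BAD" "$SAMPLE_NONE"; do
    printf '%s\n' "$sample" | check_divert_order 666
    echo "exit status: $?"
done
```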

