System Administration Guide: IP Services

How to Manage IKE and IPsec Services

The following steps cover the most common uses of the SMF services for IPsec, IKE, and manual key management. By default, the policy and ipsecalgs services are enabled, and the ike and manual-key services are disabled. Refreshing a service makes it reread its configuration file; changing a service property, such as the location of that file, also requires a restart.

  1. To manage IPsec policy, do one of the following:

    • After adding new policies to the ipsecinit.conf file, refresh the policy service.


      # svcadm refresh svc:/network/ipsec/policy
      
    • After changing the value of a service property, such as the location of the policy file, confirm the new value with svcprop, then refresh and restart the policy service.


      # svccfg -s policy setprop config/config_file=/etc/inet/MyIpsecinit.conf
      # svcprop -p config/config_file policy
      /etc/inet/MyIpsecinit.conf
      # svcadm refresh svc:/network/ipsec/policy
      # svcadm restart svc:/network/ipsec/policy
      
  2. To automatically manage keys, do one of the following:

    • After adding entries to the /etc/inet/ike/config file, enable the ike service.


      # svcadm enable svc:/network/ipsec/ike
      
    • After changing entries in the /etc/inet/ike/config file, refresh the ike service.


      # svcadm refresh svc:/network/ipsec/ike
      
    • After changing the value of a service property, confirm the new value with svcprop, then refresh and restart the service. The config/admin_privilege property controls what the ikeadm command may do: base permits only inspection, modkeys also permits changing preshared keys, and keymat also permits viewing keying material. Leave keymat set only while debugging.


      # svccfg -s ike setprop config/admin_privilege=modkeys
      # svcprop -p config/admin_privilege ike
      modkeys
      # svcadm refresh svc:/network/ipsec/ike
      # svcadm restart svc:/network/ipsec/ike
      
    • To stop the ike service, disable it.


      # svcadm disable svc:/network/ipsec/ike
      
  3. To manually manage keys, do one of the following:

    • After adding entries to the /etc/inet/secret/ipseckeys file, enable the manual-key service. The file holds keying material in clear text, so it must be owned by root and readable only by root.


      # svcadm enable svc:/network/ipsec/manual-key
      
    • After changing the ipseckeys file, refresh the service.


      # svcadm refresh svc:/network/ipsec/manual-key
      
    • After changing the value of a service property, such as the location of the keys file, confirm the new value with svcprop, then refresh and restart the service.


      # svccfg -s manual-key setprop config/config_file=/etc/inet/secret/MyIpseckeyfile
      # svcprop -p config/config_file manual-key
      /etc/inet/secret/MyIpseckeyfile
      # svcadm refresh svc:/network/ipsec/manual-key
      # svcadm restart svc:/network/ipsec/manual-key
      
    • To prevent manual key management, disable the manual-key service.


      # svcadm disable svc:/network/ipsec/manual-key
      
  4. If you modify the IPsec protocols and algorithms table (the /etc/inet/ipsecalgs file, normally edited with the ipsecalgs command), refresh the ipsecalgs service so that the kernel picks up the change.


    # svcadm refresh svc:/network/ipsec/ipsecalgs
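The "change a property, read it back, refresh, restart, check the state" sequence from steps 1 and 3 as one script, added here as an example; it is not a script from this guide or from Solaris. It uses only the svccfg, svcprop, svcadm and svcs commands shown above. The script name, the function names, the return codes and the IPSEC_SMF_APPLY variable are invented for the example, and the permission check on the manual-key file is this example's own policy (root-only key files), not something the services enforce.

```shell
#!/bin/sh
# ipsec-smf-apply.sh (example, not part of the Solaris guide):
# point the policy or manual-key service at a new configuration file,
# verify the property took, refresh and restart, and stop if the service
# lands in maintenance. Function names and return codes are invented here.

# Expand a short service name to its full FMRI; reject anything else so a
# typo cannot refresh or restart an unrelated service.
ipsec_fmri() {
    case "$1" in
        policy|ike|manual-key|ipsecalgs) echo "svc:/network/ipsec/$1" ;;
        *) return 1 ;;
    esac
}

# Of the four services, the guide sets config/config_file only on policy
# and manual-key.
accepts_config_file() {
    case "$1" in
        policy|manual-key) return 0 ;;
        *) return 1 ;;
    esac
}

# Files under /etc/inet/secret carry keying material. Require that the
# group and other permission bits are all clear (0600 owned by root).
# The mode is read with ls so the check behaves the same on Solaris and Linux.
secret_file_is_private() {
    mode=$(ls -ld "$1" 2>/dev/null | awk '{ print substr($1, 5, 6) }')
    [ "$mode" = "------" ]
}

# Poll svcs until the service settles; transitional states end in '*'.
wait_for_state() {
    fmri=$1; tries=${2:-15}; state=
    while [ "$tries" -gt 0 ]; do
        state=$(svcs -H -o state "$fmri")
        case "$state" in
            online|maintenance|disabled) echo "$state"; return 0 ;;
        esac
        sleep 1
        tries=$((tries - 1))
    done
    echo "$state"
    return 1
}

# apply_config_file SERVICE FILE
# Return codes: 0 applied, 2 bad arguments, 3 insecure key file,
# 4 property did not take, 5 service is in maintenance or never settled.
apply_config_file() {
    svc=$1; file=$2
    fmri=$(ipsec_fmri "$svc") || { echo "unknown service: $svc" >&2; return 2; }
    accepts_config_file "$svc" || { echo "$svc takes no config/config_file" >&2; return 2; }
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    if [ "$svc" = manual-key ] && ! secret_file_is_private "$file"; then
        echo "refusing: $file is readable by group or other" >&2
        return 3
    fi

    # Same sequence as the guide: set, read back, refresh, restart.
    svccfg -s "$fmri" setprop config/config_file="$file"
    got=$(svcprop -p config/config_file "$fmri")
    [ "$got" = "$file" ] || { echo "property did not take: got '$got'" >&2; return 4; }
    svcadm refresh "$fmri"
    svcadm restart "$fmri"

    state=$(wait_for_state "$fmri") || { echo "$fmri still $state" >&2; return 5; }
    if [ "$state" = maintenance ]; then
        svcs -x "$fmri" >&2     # the guide's troubleshooting step
        return 5
    fi
    echo "$fmri is $state with config_file=$file"
}

# Run only when invoked on purpose, for example:
#   IPSEC_SMF_APPLY=yes ./ipsec-smf-apply.sh manual-key /etc/inet/secret/MyIpseckeyfile
if [ "${IPSEC_SMF_APPLY:-}" = yes ]; then
    apply_config_file "$1" "$2"
fi
```

The read-back after svccfg catches a property name typo, which svccfg would otherwise accept silently as a new property; the state poll catches a config file that parses badly, which only shows up once the restarted service has run its start method.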
    
Troubleshooting

Use the svcs service command (for example, svcs svc:/network/ipsec/ike) to find the status of a service. If the service is in the maintenance state, run svcs -x service: its output names the reason the service failed and the log file under /var/svc/log to inspect. Fix the cause, then clear the maintenance state with svcadm clear service.