To support IPsec, the following security options have been added to the ifconfig(1M) command:
This option enables IPsec AH for a tunnel, with the authentication algorithm specified. The auth_algs option has the following format:
auth_algs authentication_algorithm |
The algorithm can be either a number or an algorithm name, including the parameter any, to express no specific algorithm preference. You must specify all IPsec tunnel properties on the same command line. To disable tunnel security, specify the following option:
auth_alg none |
See Table 19–1 for a list of available authentication algorithms and for pointers to the algorithm man pages.
This option enables IPsec ESP for a tunnel, with the authentication algorithm specified. The encr_auth_algs option has the following format:
encr_auth_algs authentication_algorithm |
For the algorithm, you can specify either a number or an algorithm name, including the parameter any, to express no specific algorithm preference. If you specify an ESP encryption algorithm, but you do not specify the authentication algorithm, the ESP authentication algorithm value defaults to the parameter, any.
See Table 19–1 for a list of available authentication algorithms and for pointers to the algorithm man pages.
This option enables IPsec ESP for a tunnel with the encryption algorithm specified. The option has the following format:
encr_algs encryption_algorithm |
For the algorithm, you can specify either a number or an algorithm name. You must specify all IPsec tunnel properties on the same command line. To disable tunnel security, specify the following option:
encr_alg none |
If you specify an ESP authentication algorithm, but not an encryption algorithm, the ESP encryption value defaults to the parameter null.
See the ipsecesp(7P) man page or Table 19–2 for a list of available encryption algorithms and for pointers to the algorithm man pages.