Example—Securing Traffic Between Systems Without Rebooting
The following example describes how to test that the traffic between two systems is secure. In a production environment, it is safer to reboot than to run the ipsecconf command.
Instead of rebooting at Step 5 of How to Secure Traffic Between Two Systems, do one of the following options.
-
If you used IKE to create keying material, stop and then restart the in.iked daemon.
# pkill in.iked # /usr/lib/inet/in.iked
-
If you added keys manually, use the ipseckey command to add the SAs to the database. Then activate the IPsec policy with the ipsecconf command.
# ipseckey -f /etc/inet/secret/ipseckeys # ipsecconf -a /etc/inet/ipsecinit.conf
Caution – Read the warning when you execute the ipsecconf command. A socket that is already latched, that is, the socket is in use, provides an unsecured back door into the system. For more extensive discussion, see Security Considerations for ipsecinit.conf and ipsecconf.
- © 2010, Oracle Corporation and/or its affiliates