JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
System Administration Guide: IP Services     Oracle Solaris 11 Express 11/10
search filter icon
search icon

Document Information


Part I TCP/IP Administration

1.  Planning an IPv4 Addressing Scheme (Tasks)

2.  Planning an IPv6 Addressing Scheme (Overview)

3.  Planning an IPv6 Network (Tasks)

4.  Configuring TCP/IP Network Services and IPv4 Addressing (Tasks)

5.  Enabling IPv6 on a Network (Tasks)

6.  Administering a TCP/IP Network (Tasks)

7.  Configuring IP Tunnels

8.  Troubleshooting Network Problems (Tasks)

9.  TCP/IP and IPv4 in Depth (Reference)

10.  IPv6 in Depth (Reference)


11.  About DHCP (Overview)

12.  Planning for DHCP Service (Tasks)

13.  Configuring the DHCP Service (Tasks)

14.  Administering DHCP (Tasks)

15.  Configuring and Administering the DHCP Client

16.  Troubleshooting DHCP (Reference)

17.  DHCP Commands and Files (Reference)

Part III IP Security

18.  IP Security Architecture (Overview)

Introduction to IPsec

IPsec RFCs

IPsec Terminology

IPsec Packet Flow

IPsec Security Associations

Key Management in IPsec

IPsec Protection Mechanisms

Authentication Header

Encapsulating Security Payload

Security Considerations When Using AH and ESP

Authentication and Encryption Algorithms in IPsec

Authentication Algorithms in IPsec

Encryption Algorithms in IPsec

IPsec Protection Policies

Transport and Tunnel Modes in IPsec

Virtual Private Networks and IPsec

IPsec and NAT Traversal

IPsec and SCTP

IPsec and Solaris Zones

IPsec and Logical Domains

IPsec Utilities and Files

19.  Configuring IPsec (Tasks)

20.  IP Security Architecture (Reference)

21.  Internet Key Exchange (Overview)

22.  Configuring IKE (Tasks)

23.  Internet Key Exchange (Reference)

24.  IP Filter in Oracle Solaris (Overview)

25.   IP Filter (Tasks)

Part IV Networking Performance

26.  Integrated Load Balancer Overview

27.  Configuration of Integrated Load Balancer Tasks

28.  Virtual Router Redundancy Protocol (Overview)

29.  VRRP Configuration (Tasks)

30.  Implementing Congestion Control

Part V IP Quality of Service (IPQoS)

31.  Introducing IPQoS (Overview)

32.  Planning for an IPQoS-Enabled Network (Tasks)

33.  Creating the IPQoS Configuration File (Tasks)

34.  Starting and Maintaining IPQoS (Tasks)

35.  Using Flow Accounting and Statistics Gathering (Tasks)

36.  IPQoS in Detail (Reference)



IPsec Utilities and Files

Table 18-3 describes the files, commands, and service identifiers that are used to configure and manage IPsec. For completeness, the table includes key management files, socket interfaces, and commands.

For more information about service identifiers, see Chapter 11, Managing Services (Overview), in System Administration Guide: Basic Administration.

Table 18-3 List of Selected IPsec Utilities and Files

IPsec Utility, File, or Service
Man Page
The SMF service that manages IPsec algorithms.
The SMF service that manages manual security associations (SAs).
The SMF service that manages IPsec policy.
The SMF service for the automatic management of IPsec SAs.
/etc/inet/ipsecinit.conf file
IPsec policy file.

The SMF policy service uses this file to configure IPsec policy at system boot.

ipsecconf command
IPsec policy command. Useful for viewing and modifying the current IPsec policy, and for testing.

Is used by the SMF policy service to configure IPsec policy at system boot.

PF_KEY socket interface
Interface for the security associations database (SADB). Handles manual key management and automatic key management.
ipseckey command
IPsec SAs keying command. ipseckey is a command-line front end to the PF_KEY interface. ipseckey can create, destroy, or modify SAs.
/etc/inet/secret/ipseckeys file
Keys for IPsec SAs.

Is used by the SMF manual-key service to configure SAs manually at system boot.

ipsecalgs command
IPsec algorithms command. Useful for viewing and modifying the list of IPsec algorithms and their properties.

Is used by the SMF ipsecalgs service to synchronize known IPsec algorithms with the kernel at system boot.

/etc/inet/ipsecalgs file
Contains the configured IPsec protocols and algorithm definitions. This file is managed by the ipsecalgs command and must never be edited manually.
/etc/inet/ike/config file
IKE configuration and policy file. By default, this file does not exist. The management is based on rules and global parameters in the /etc/inet/ike/config file. See IKE Utilities and Files.

If this file exists, the svc:/network/ipsec/ike service starts the IKE daemon, in.iked, to provide automatic key management.