IKEv2 Utilities and Files
The following table summarizes the configuration files for IKEv2 policy,
the storage locations for IKEv2 keys, and the various commands and services
that implement IKEv2. For more about services, see Chapter 1, Introduction to the Service Management Facility, in Managing System Services in Oracle Solaris 11.2.
Table 12-1 IKEv2 Service Name, Commands, Configuration and Key Storage Locations, and Hardware Devices
| | |
|---|---|
| svc:/network/ipsec/ike:ikev2 | The SMF service that manages IKEv2. |
| /usr/lib/inet/in.ikev2d | Internet Key Exchange (IKE) daemon. Activates automated key management when the ike:ikev2 service is enabled. |
| /usr/sbin/ikeadm [-v 2] | IKE administration command for viewing and temporarily modifying the IKEv2 policy. Enables you to view IKEv2 administrative objects, such as available Diffie-Hellman groups. |
| /usr/sbin/ikev2cert | Certificate database management command for creating and storing public key certificates as the configuration owner, ikeuser. Calls the pktool command. |
| /etc/inet/ike/ikev2.config | Default configuration file for the IKEv2 policy. Contains the site's rules for matching inbound IKEv2 requests and preparing outbound IKEv2 requests. If this file exists, the in.ikev2d daemon starts when the ike:ikev2 service is enabled. You can change the location of this file by using the svccfg command. |
| /etc/inet/ike/ikev2.preshared | Contains secret keys that two IKEv2 instances that are not using certificate-based authentication can use to authenticate each other. |
| softtoken keystore | Contains the private keys and public key certificates for IKEv2, owned by ikeuser. |