Configuring and refreshing IPsec, then viewing policy:
# pfedit /etc/inet/ipsecinit.conf # ipsecconf -c /etc/inet/ipsecinit.conf # svcadm refresh ipsec/policy # ipsecconf -Ln
Configuring and enabling manual keys for IPsec:
# pfedit -s /etc/inet/secret/ipseckeys # svcadm enable ipsec/manual-key
Configuring and enabling IKEv2:
# pfedit /etc/inet/ike/ikev2.config # /usr/lib/inet/in.ikev2d -c # svcadm enable ipsec/ike:ikev2
Configuring and enabling IKEv1:
# pfedit /etc/inet/ike/config # /usr/lib/inet/in.iked -c # svcadm enable ipsec/ike:default
Verifying that IPsec and IKE are configured on a system where the services are enabled:
# ipsecconf -Ln # ikeadm -v2 dump rule # ikeadm set priv keymat # ikeadm -v1 dump rule
Modifying key management:
For IKEv2:
# pfedit /etc/inet/ike/ikev2.config # /usr/lib/inet/in.ikev2d -c # svcadm restart ipsec/ike:ikev2
For IKEv1:
# pfedit /etc/inet/ike/config # /usr/lib/inet/in.iked -c # svcadm restart ipsec/ike:default
For manual key management:
# pfedit -s /etc/inet/secret/ipseckeys # ipseckey -c /etc/inet/secret/ipseckeys # svcadm refresh ipsec/manual-key
Modifying IPsec and IKE configurable properties:
IPsec service:
# svccfg -s ipsec/policy setprop config/property = value # svcadm refresh ipsec/policy; svcadm restart ipsec/policy
IKEv2 service:
# svccfg -s ike:ikev2 editprop # svcadm refresh ipsec/ike:ikev2; svcadm restart ipsec/ike:ikev2
IKEv1 service:
# svccfg -s ipsec/ike setprop config/property = value # svcadm refresh ipsec/ike:ikev2; svcadm restart ipsec/ike:ikev2
Manual keys service:
# svccfg -s ipsec/manual-key setprop config/property = value # svcadm refresh ipsec/manual-key; svcadm restart ipsec/manual-key
Configuring preshared keys for IKEv2:
# pfedit -s /etc/inet/ike/ikev2.preshared # /usr/lib/inet/in.ikev2d -c # svcadm restart ikev2
Configuring preshared keys for IKEv1:
# pfedit -s /etc/inet/secret/ike.preshared # svcadm restart ike