/etc/inet/ike/ikev2.config 配置文件包含 in.ikev2d 守护进程的配置。配置由若干条规则构成。每项均包含此系统可以与采用类似配置的 IKEv2 对等方一起使用的参数,例如算法和验证数据。
in.ikev2d 守护进程支持使用预先共享的密钥 (preshared key, PSK) 和公钥证书来验证身份。
ikev2.config(4) 手册页提供了规则样例。每条规则必须都有唯一标签。下表列出了手册页中规则样例的描述性标签:
IP identities and PSK auth
IP address prefixes and PSK auth
IPv6 address prefixes and PSK auth
Certificate auth with DN identities
Certificate auth with many peer ID types
Certificate auth with wildcard peer IDs
Override transforms
Mixed auth types
Wildcard with required signer