System Administration Guide: IP Services

IPsec Utilities and Files

Table 18–3 describes the files, commands, and service identifiers that are used to configure and manage IPsec. For completeness, the table includes key management files, socket interfaces, and commands.

For more information about service identifiers, see Chapter 16, Managing Services (Overview), in System Administration Guide: Basic Administration.

For instructions on implementing IPsec on your network, see Protecting Traffic With IPsec (Task Map).
For more details about IPsec utilities and files, see Chapter 20, IP Security Architecture (Reference).

Table 18–3 List of Selected IPsec Utilities and Files


IPsec Utility, File, or Service	Description	Man Page
`svc:/network/ipsec/ipsecalgs`	The SMF service that manages IPsec algorithms.	smf(5), ipsecalgs(1M)
`svc:/network/ipsec/manual-key`	The SMF service that manages manual security associations (SAs).	smf(5), ipseckey(1M)
`svc:/network/ipsec/policy`	The SMF service that manages IPsec policy.	smf(5), ipsecconf(1M)
`svc:/network/ipsec/ike`	The SMF service for the automatic management of IPsec SAs.	smf(5), in.iked(1M)
`/etc/inet/ipsecinit.conf` file	IPsec policy file. The SMF `policy` service uses this file to configure IPsec policy at system boot.	ipsecconf(1M)
`ipsecconf` command	IPsec policy command. Useful for viewing and modifying the current IPsec policy, and for testing. Is used by the SMF `policy` service to configure IPsec policy at system boot.	ipsecconf(1M)
`PF_KEY` socket interface	Interface for the security associations database (SADB). Handles manual key management and automatic key management.	pf_key(7P)
`ipseckey` command	IPsec SAs keying command. `ipseckey` is a command-line front end to the `PF_KEY` interface. `ipseckey` can create, destroy, or modify SAs.	ipseckey(1M)
`/etc/inet/secret/ipseckeys` file	Keys for IPsec SAs. Is used by the SMF `manual-key` service to configure SAs manually at system boot.
`ipsecalgs` command	IPsec algorithms command. Useful for viewing and modifying the list of IPsec algorithms and their properties. Is used by the SMF `ipsecalgs` service to synchronize known IPsec algorithms with the kernel at system boot.	ipsecalgs(1M)
`/etc/inet/ipsecalgs` file	Contains the configured IPsec protocols and algorithm definitions. This file is managed by the `ipsecalgs` command and must never be edited manually.
`/etc/inet/ike/config` file	IKE configuration and policy file. By default, this file does not exist. The management is based on rules and global parameters in the `/etc/inet/ike/config` file. See IKE Utilities and Files. If this file exists, the `svc:/network/ipsec/ike` service starts the IKE daemon, `in.iked`, to provide automatic key management.	ike.config(4)