System Administration Guide, Volume 3

Global Policy Setter

You use the ipsecconf(1M) command to configure the IPsec policy for a host. After you configure the policy, IPsec subjects all outbound and inbound datagrams to policy checks as they leave and enter the host. If no matching entry is found, no policy check is performed and the traffic passes through. Forwarded datagrams are not subjected to policy checks added using this command. See ifconfig(1M) and tun(7M) for information on how to protect forwarded packets. You can also use the ipsecconf command to delete a policy entry from the /etc/inet/ipsecpolicy.conf file, or to view the existing configuration.

You must become superuser to invoke this command. Each entry protects traffic in only one direction, that is, either outbound or inbound. Thus, to protect traffic in both directions, you need a separate entry for each direction.

You can see the policies configured in the system by issuing the command without any arguments. The command displays each entry preceded by an index number. You can use the -d option with that index to delete the corresponding policy from the system. The command displays the entries in the order in which they were added, which is not necessarily the order in which traffic is matched against them. To view the order in which traffic matching takes place, use the -l option.

IPsec does not preserve policy entries across reboots. Thus, you need to add the policy every time the system reboots. To configure policies early in the boot process, you can set up policies in the /etc/inet/ipsecinit.conf file, so that the inetinit startup script reads them.
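As an added illustration, not taken from this guide, the following /etc/inet/ipsecinit.conf fragment shows what the one-direction-per-entry rule means in practice: protecting a telnet session from this host to one remote server requires an outbound entry and a matching inbound entry. The pattern/action syntax follows the Solaris 8 ipsecconf(1M) file format as assumed here (apply for outbound, permit for inbound, auth_algs, sa shared); the address 192.168.10.5 and the algorithm choice are constructed for the example, and the keywords should be checked against the ipsecconf(1M) man page of your release before use.

```conf
#
# /etc/inet/ipsecinit.conf  (added example; address and algorithms are assumed)
#
# Read by the inetinit startup script at boot, so the policy is in place
# before any connection is made (policy is latched per socket at connect/accept).
#
# Each entry covers ONE direction, so a protected service needs a pair:
#   apply  = outbound: add AH/ESP before the datagram leaves this host
#   permit = inbound:  accept the datagram only if it carries the named protection
#
# Telnet from this host (client) to the constructed address 192.168.10.5,
# authenticated with AH (md5), using one shared SA for all matching connections:
{daddr 192.168.10.5 dport 23} apply {auth_algs md5 sa shared}

# Replies from that server back to this host must also carry AH, otherwise
# the datagram is dropped:
{saddr 192.168.10.5 sport 23} permit {auth_algs md5}

# Anything not matched by an entry above passes through with no policy check.
#
# To load the file by hand for testing, then inspect and clean up:
#   ipsecconf -a /etc/inet/ipsecinit.conf   # add the entries
#   ipsecconf                               # list entries with their index numbers
#   ipsecconf -l                            # list entries in the order used for matching
#   ipsecconf -d <index>                    # remove a single entry by its index
```

Because the entries are not preserved across reboots, keeping them in this file rather than adding them interactively is also what guarantees the same policy after every restart; the file must live on local storage for the reasons given under Security Considerations.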

Security Considerations

If, for example, the /etc/inet/ipsecpolicy.conf file is read from an NFS-mounted file system, an adversary who can tamper with that traffic can modify the contents of the file and thereby change the configured policy. Consequently, you should not transmit a copy of the /etc/inet/ipsecpolicy.conf file over a network.

Policy is latched for TCP/UDP sockets on which a connect(3N) or accept(3N) has been issued; adding new policy entries has no effect on those sockets. This latching behavior might change in the future, so you should not depend on it.

Make sure you set up the policies before starting any communications, because existing connections might be affected by the addition of new policy entries. Similarly, do not change policies in the middle of a communication.

If your source address is a host that can be looked up over the network, and your naming system itself is compromised, then any names used are no longer trustworthy.

Security weaknesses often lie in misapplication of tools, not in the tools themselves. You should be cautious when using ipseckey. For the safest mode of operation, use a console or other hard-connected TTY.