IPsec and IKE Administration Guide

IKE Daemon

The in.iked(1M) daemon automates the management of cryptographic keys for IPsec on a Solaris host. The daemon negotiates with a remote host that is running the same protocol to provide authenticated keying materials for security associations in a protected manner. The daemon must be running on all hosts that plan to communicate securely.

The IKE daemon is automatically loaded at boot time if the configuration file for IKE policy, /etc/inet/ike/config, exists. The daemon checks the syntax of the configuration file.

When the IKE daemon runs, the system authenticates itself to its peer IKE entity in Phase 1. The peer is defined in the IKE policy file, as are the authentication methods. The daemon then establishes the keys for the session in Phase 2. At an interval specified in the policy file, the IKE keys are refreshed automatically. The in.iked daemon listens for incoming IKE requests from the network and for requests for outbound traffic through the PF_KEY socket. See the pf_key(7P) man page for more information.
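A policy file of the kind described above might look like the following. This is an added example, not a file from this guide: the host names, label and addresses are constructed, and the keywords are those of the ike.config(4) file format as best understood here.

```conf
# Constructed /etc/inet/ike/config for a host called "hostA" (example values only).
# The daemon checks this file's syntax when it loads it; to check by hand:
#   /usr/lib/inet/in.iked -c -f /etc/inet/ike/config

## Global parameters
# Phase 1 lifetime: the Phase 1 keys are renegotiated after this many seconds.
p1_lifetime_secs 14400
p1_nonce_len 40

## Defaults that individual rules can override
p1_xform
  { auth_method preshared oakley_group 5 auth_alg sha1 encr_alg 3des }
p2_pfs 5

## One rule per peer; the label must be unique within the file.
{
  label "hostA-hostB"
  # This system and the peer IKE entity it negotiates with.
  local_addr 192.0.2.10
  remote_addr 198.51.100.20
  # Phase 1: how the two IKE entities authenticate to each other
  # and which algorithms protect that exchange.
  p1_xform
    { auth_method preshared oakley_group 5 auth_alg sha1 encr_alg 3des }
  # Phase 2: Oakley group used for perfect forward secrecy
  # when the session keys are established.
  p2_pfs 5
}
```

The peer needs a matching rule with the two addresses swapped, because Phase 1 succeeds only when both sides can agree on a transform.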

Two programs support the IKE daemon. The ikeadm(1M) command enables the administrator to view IKE policy. You can also use the command to modify IKE policy. The ikecert(1M) command enables the administrator to view and manage the public-key databases, ike.privatekeys and publickeys.