IPsec and IKE Are Managed as SMF Services
This networking enhancement is new in the Developer 9/07 release.
Starting with this release, the service management facility (SMF) manages IPsec and IKE as a set of services:
-
svc:/network/ipsec/policy:default
-
svc:/network/ipsec/ipsecalgs:default
-
svc:/network/ipsec/manual-key:default
-
svc:/network/ipsec/ike:default
By default, the policy and ipsecalgs services are enabled, and the manual-key and ike services are disabled. For traffic to be protected by IPsec, configure either manual keying or IKE, and populate the /etc/inet/ipsecinit.conf file. This enables the appropriate key management service before refreshing the policy service. For more information, see Chapter 19, IP Security Architecture (Overview), in System Administration Guide: IP Services.
The Network IPsec Management profile is added for managing IPsec in a role. Also, the ipsecconf and ipseckey commands can check the syntax of their respective configuration files. For more information, see the ipsecconf(1M) and ipseckey(1M) man pages.
- © 2010, Oracle Corporation and/or its affiliates