Securing the Network in Oracle® Solaris 11.2

Updated: August 2014
 
 

IKEv2 Utilities and Files

The following table summarizes the configuration files for IKEv2 policy, the storage locations for IKEv2 keys, and the various commands and services that implement IKEv2. For more information about services, see Chapter 1, Introduction to the Service Management Facility, in Managing System Services in Oracle Solaris 11.2.

Table 12-1  IKEv2 Service Name, Commands, Configuration and Key Storage Locations, and Hardware Devices
| File, Location, Command, or Service | Description | Man Page |
|---|---|---|
| svc:/network/ipsec/ike:ikev2 | The SMF service that manages IKEv2. | |
| /usr/lib/inet/in.ikev2d | Internet Key Exchange (IKE) daemon. Activates automated key management when the ike:ikev2 service is enabled. | |
| /usr/sbin/ikeadm [-v 2] | IKE administration command for viewing and temporarily modifying the IKEv2 policy. Enables you to view IKEv2 administrative objects, such as available Diffie-Hellman groups. | |
| /usr/sbin/ikev2cert | Certificate database management command for creating and storing public key certificates as the configuration owner, ikeuser. Calls the pktool command. | |
| /etc/inet/ike/ikev2.config | Default configuration file for the IKEv2 policy. Contains the site's rules for matching inbound IKEv2 requests and preparing outbound IKEv2 requests. If this file exists, the in.ikev2d daemon starts when the ike:ikev2 service is enabled. You can change the location of this file by using the svccfg command. | |
| /etc/inet/ike/ikev2.preshared | Contains secret keys that two IKEv2 instances that are not using certificate-based authentication can use to authenticate each other. | |
| softtoken keystore | Contains the private keys and public key certificates for IKEv2, owned by ikeuser. | |