Securing the Network in Oracle® Solaris 11.2

Exit Print View

Updated: August 2014

IKEv2 Utilities and Files

The following table summarizes the configuration files for IKEv2 policy, the storage locations for IKEv2 keys, and the various commands and services that implement IKEv2. For more about services, see Chapter 1, Introduction to the Service Management Facility, in Managing System Services in Oracle Solaris 11.2 .

Table 12-1  IKEv2 Service Name, Commands, Configuration and Key Storage Locations, and Hardware Devices
File, Location, Command, or Service
Man Page
The SMF service that manages IKEv2.
Internet Key Exchange (IKE) daemon. Activates automated key management when the ike:ikev2 service is enabled.
/usr/sbin/ikeadm [-v 2]
IKE administration command for viewing and temporarily modifying the IKEv2 policy. Enables you to view IKEv2 administrative objects, such as available Diffie-Hellman groups.
Certificate database management command for creating and storing public key certificates as the configuration owner, ikeuser. Calls the pktool command.
Default configuration file for the IKEv2 policy. Contains the site's rules for matching inbound IKEv2 requests and preparing outbound IKEv2 requests.
If this file exists, the in.ikev2d daemon starts when the ike:ikev2 service is enabled. You can change the location of this file by using the svccfg command.
Contains secret keys that two IKEv2 instances that are not using certificate-based authentication can use to authenticate each other.
softtoken keystore
Contains the private keys and public key certificates for IKEv2, owned by ikeuser.