Securing the Network in Oracle® Solaris 11.2

Exit Print View

Updated: August 2014

IKEv2 Daemon

The in.ikev2d daemon automates the management of cryptographic keys for IPsec on an Oracle Solaris system. The daemon negotiates with a remote system that is running the same protocol to provide authenticated keying materials for security associations (SAs) in a protected manner. The daemon must be running on all systems that plan to use IPsec to protect communications by using the IKEv2 protocol.

By default, the svc:/network/ipsec/ike:ikev2 service is not enabled. After you have configured the /etc/inet/ike/ikev2.config file and enabled the ike:ikev2 service instance, SMF starts the in.ikev2d daemon at system boot.

When the IKEv2 daemon runs, the system authenticates itself to its peer IKEv2 entity and establishes the session keys. At an interval specified in the configuration file, the IKE keys are replaced automatically. The in.ikev2d daemon listens for incoming IKE requests from the network and for requests for outbound traffic through the PF_KEY socket. For more information, see the pf_key(7P) man page.

Two commands support the IKEv2 daemon. The ikeadm command can be used to view the IKE policy. For more information, see ikeadm Command for IKEv2. The ikev2cert command enables you to view and manage public and private key certificates. For more information, see IKEv2 ikev2cert Command.