Securing the Network in Oracle® Solaris 11.2

Exit Print View

Updated: August 2014

IKEv2 Configuration Choices

The /etc/inet/ike/ikev2.config configuration file contains the configuration for the in.ikev2d daemon. The configuration consists of a number of rules. Each entry contains parameters such as algorithms and authentication data that this system can use with a similarly configured IKEv2 peer.

The in.ikev2d daemon supports preshared keys (PSK) and public key certificates for identity.

    The ikev2.config(4) man page provides sample rules. Each rule must have a unique label. The following is a list of the descriptive labels of sample rules from the man page:

  • IP identities and PSK auth

  • IP address prefixes and PSK auth

  • IPv6 address prefixes and PSK auth

  • Certificate auth with DN identities

  • Certificate auth with many peer ID types

  • Certificate auth with wildcard peer IDs

  • Override transforms

  • Mixed auth types

  • Wildcard with required signer

Note - A preshared key can be used with any one of many peer ID types, including IP addresses, DNs, FQDNs, and email addresses.