IPsec Configuration Commands and Files
Table 6-2 describes the files, commands, and service identifiers that are used to configure and manage IPsec. For completeness, the table includes key management files, socket interfaces, and commands.
For more information about service identifiers, see Chapter 1, Introduction to the Service Management Facility, in Managing System Services in Oracle Solaris 11.2.
For instructions on implementing IPsec on your network, see Protecting Network Traffic With IPsec.
For more details about IPsec utilities and files, see Chapter 12, IPsec and Key Management Reference.
Table 6-2 Selected IPsec Configuration Commands and Files

| Item | Description |
|---|---|
| svc:/network/ipsec/ipsecalgs | The SMF service that manages IPsec algorithms. |
| svc:/network/ipsec/manual-key | The SMF service that manages manually keyed IPsec SAs. |
| svc:/network/ipsec/policy | The SMF service that manages IPsec policy. |
| svc:/network/ipsec/ike:ikev2, svc:/network/ipsec/ike:default | The SMF service instances for the automatic management of IPsec SAs by using IKE. |
| /etc/inet/ipsecinit.conf file | Used by the SMF policy service to configure IPsec policy at system boot. |
| ipsecconf command | IPsec policy command. Useful for viewing and modifying the current IPsec policy, and for testing. Used by the SMF policy service to configure IPsec policy at system boot. |
| PF_KEY socket interface | Interface for the security associations database (SADB). Handles manual key management and automatic key management. |
| ipseckey command | IPsec SAs keying command. ipseckey is a command-line front end to the PF_KEY interface. ipseckey can create, destroy, or modify SAs. |
| /etc/inet/secret/ipseckeys file | Contains manually keyed SAs. Used by the SMF manual-key service to configure SAs manually at system boot. |
| ipsecalgs command | IPsec algorithms command. Useful for viewing and modifying the list of IPsec algorithms and their properties. Used by the SMF ipsecalgs service to synchronize known IPsec algorithms with the kernel at system boot. |
| /etc/inet/ipsecalgs file | Contains the configured IPsec mechanisms and algorithm definitions. This file is managed by the ipsecalgs command and must never be edited manually. |
| /etc/inet/ike/ikev2.config file | IKEv2 configuration and policy file. Key management is based on rules and global parameters from this file. See IKEv2 Utilities and Files. |
| /etc/inet/ike/config file | IKEv1 configuration and policy file. By default, this file does not exist. Key management is based on rules and global parameters from this file. See IKEv1 Utilities and Files. If this file exists, the svc:/network/ipsec/ike:default service starts the IKEv1 daemon, in.iked. |