Securing the Network in Oracle® Solaris 11.2


Updated: August 2014
 
 

Key Management in IPsec

The Internet Key Exchange (IKE) protocol handles key management for IPsec automatically. IPsec SAs can also be managed manually with the ipseckey command, but IKE is recommended. For more information, see Key Management for IPsec Security Associations.

The Service Management Facility (SMF) feature of Oracle Solaris provides the following key management services for IPsec:

  • svc:/network/ipsec/ike service – The SMF service for automatic key management. The ike service has two instances. The ike:ikev2 service instance runs the in.ikev2d daemon (IKEv2) to provide automatic key management. The ike:default service instance runs the in.iked daemon (IKEv1). For a description of IKE, see Chapter 8, About Internet Key Exchange. For more information about the daemons, see the in.ikev2d(1M) and in.iked(1M) man pages.

  • svc:/network/ipsec/manual-key:default service – The SMF service for manual key management. The manual-key service runs the ipseckey command with various options to manage keys manually. For a description of the ipseckey command, see the ipseckey(1M) man page.
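
The following added example (not part of the Oracle documentation) reports which of the key management services listed above are online, so a host that relies on manual keys alone can be spotted during an audit. The function name ipsec_keymgmt_mode and the sample input are constructed for illustration; the input format is assumed to be the two-column output of `svcs -H -o state,fmri`.

```shell
#!/bin/sh
# Added example: classify IPsec key management from SMF service states.
# stdin: "STATE FMRI" lines, the layout printed by `svcs -H -o state,fmri`.
# stdout: the online mechanisms joined with "+", or "none".

ipsec_keymgmt_mode() {
    ikev2=0 ikev1=0 manual=0
    while read -r state fmri; do
        # Only instances in the "online" state are counted here.
        [ "$state" = "online" ] || continue
        case "$fmri" in
            svc:/network/ipsec/ike:ikev2)          ikev2=1 ;;   # in.ikev2d (IKEv2)
            svc:/network/ipsec/ike:default)        ikev1=1 ;;   # in.iked (IKEv1)
            svc:/network/ipsec/manual-key:default) manual=1 ;;  # ipseckey
        esac
    done

    mode=""
    if [ "$ikev2" -eq 1 ]; then mode="ikev2"; fi
    if [ "$ikev1" -eq 1 ]; then mode="${mode:+$mode+}ikev1"; fi
    if [ "$manual" -eq 1 ]; then mode="${mode:+$mode+}manual"; fi

    # The guide recommends IKE, so flag hosts that only use manual keys.
    if [ "$mode" = "manual" ]; then
        echo "note: manual keying only; IKE is the recommended mechanism" >&2
    fi
    echo "${mode:-none}"
}

# Constructed sample input (not captured from a real host).
sample='online svc:/network/ipsec/ike:ikev2
disabled svc:/network/ipsec/ike:default
disabled svc:/network/ipsec/manual-key:default'

if command -v svcs >/dev/null 2>&1; then
    # On Oracle Solaris: query the live SMF repository.
    svcs -H -o state,fmri svc:/network/ipsec/ike svc:/network/ipsec/manual-key |
        ipsec_keymgmt_mode
else
    # Elsewhere: run against the constructed sample.
    printf '%s\n' "$sample" | ipsec_keymgmt_mode
fi
```
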