IPsec Configuration Commands and Files

Language:

Table 6, Selected IPsec Configuration Commands and Files describes the files, commands, and service identifiers that are used to configure and manage IPsec. For completeness, the table includes key management files, socket interfaces, and commands.

For more information about service identifiers, see Chapter 1, Introduction to the Service Management Facility in Managing System Services in Oracle Solaris 11.4.

For instructions on implementing IPsec on your network, see Protecting Network Traffic With IPsec.

For more details about IPsec utilities and files, see IPsec and Key Management Reference.

Table 6 Selected IPsec Configuration Commands and Files

IPsec Command, File, or Service	Description	Man Page
`svc:/network/ipsec/ipsecalgs`	The SMF service that manages IPsec algorithms.	`ipsecalgs`(8)
`svc:/network/ipsec/manual-key`	The SMF service that manages manually keyed IPsec SAs.	`ipseckey`(8)
`svc:/network/ipsec/policy`	The SMF service that manages IPsec policy.	`smf`(7), `ipsecconf`(8)
`svc:/network/ipsec/ike:ikev2`, `svc:/network/ipsec/ike:default`	The SMF service instances for the automatic management of IPsec SAs by using IKE.	`smf`(7), `in.ikev2d`(8), `in.iked`(8)
`/etc/inet/ipsecinit.conf` file	IPsec policy file. Used by the SMF `policy` service to configure IPsec policy at system boot.	`ipsecconf`(8)
`ipsecconf` command	IPsec policy command. Useful for viewing and modifying the current IPsec policy, and for testing. Used by the SMF `policy` service to configure IPsec policy at system boot.	`ipsecconf`(8)
`PF_KEY` socket interface	Interface for the security associations database (SADB). Handles manual key management and automatic key management.	`pf_key`(4P)
`ipseckey` command	IPsec SAs keying command. `ipseckey` is a command-line front end to the `PF_KEY` interface. `ipseckey` can create, destroy, or modify SAs.	`ipseckey`(8)
`/etc/inet/secret/ipseckeys` file	Contains manually keyed SAs. Used by the SMF `manual-key` service to configure SAs manually at system boot.
`ipsecalgs` command	IPsec algorithms command. Useful for viewing and modifying the list of IPsec algorithms and their properties. Used by the SMF `ipsecalgs` service to synchronize known IPsec algorithms with the kernel at system boot.	`ipsecalgs`(8)
`/etc/inet/ipsecalgs` file	Contains the configured IPsec mechanisms and algorithm definitions. This file is managed by the `ipsecalgs` command and must never be edited manually.
`/etc/inet/ike/ikev2.config` file	IKEv2 configuration and policy file. Key management is based on rules and global parameters from this file. See IKEv2 Utilities and Files.	`ikev2.config`(5)
`/etc/inet/ike/config` file	IKEv1 configuration and policy file. By default, this file does not exist. Key management is based on rules and global parameters from this file. See IKEv1 Utilities and Files. If this file exists, the `svc:/network/ipsec/ike:default` service starts the IKEv1 daemon, `in.iked`.	`ike.config`(5)