IPsec の構成およびリフレッシュのあとにポリシーを表示:
# pfedit /etc/inet/ipsecinit.conf # ipsecconf -c /etc/inet/ipsecinit.conf # svcadm refresh ipsec/policy # ipsecconf -Ln
# pfedit -s /etc/inet/secret/ipseckeys # svcadm enable ipsec/manual-key
IKEv2 の構成および有効化:
# pfedit /etc/inet/ike/ikev2.config # /usr/lib/inet/in.ikev2d -c # svcadm enable ipsec/ike:ikev2
IKEv1 の構成および有効化:
# pfedit /etc/inet/ike/config # /usr/lib/inet/in.iked -c # svcadm enable ipsec/ike:default
IPsec および IKE が有効になっているシステム上でそれらのサービスが構成されていることを確認:
# ipsecconf -Ln # ikeadm -v2 dump rule # ikeadm set priv keymat # ikeadm -v1 dump rule
鍵管理の変更:
IKEv2 の場合:
# pfedit /etc/inet/ike/ikev2.config # /usr/lib/inet/in.ikev2d -c # svcadm restart ipsec/ike:ikev2
IKEv1 の場合:
# pfedit /etc/inet/ike/config # /usr/lib/inet/in.iked -c # svcadm restart ipsec/ike:default
手動鍵管理の場合:
# pfedit -s /etc/inet/secret/ipseckeys # ipseckey -c /etc/inet/secret/ipseckeys # svcadm refresh ipsec/manual-key
IPsec および IKE の構成可能なプロパティーの変更:
IPsec サービス:
# svccfg -s ipsec/policy setprop config/property = value # svcadm refresh ipsec/policy; svcadm restart ipsec/policy
IKEv2 サービス:
# svccfg -s ike:ikev2 editprop # svcadm refresh ipsec/ike:ikev2; svcadm restart ipsec/ike:ikev2
IKEv1 サービス:
# svccfg -s ipsec/ike setprop config/property = value # svcadm refresh ipsec/ike:ikev2; svcadm restart ipsec/ike:ikev2
手動鍵サービス:
# svccfg -s ipsec/manual-key setprop config/property = value # svcadm refresh ipsec/manual-key; svcadm restart ipsec/manual-key
IKEv2 の事前共有鍵の構成。
# pfedit -s /etc/inet/ike/ikev2.preshared # /usr/lib/inet/in.ikev2d -c # svcadm restart ikev2
# pfedit -s /etc/inet/secret/ike.preshared # svcadm restart ike