IPsec Utilities and Files
Table 19-3 describes the files and commands that are used to configure and manage
IPsec. For completeness, the table includes key management files and commands.
Table 19-3 List of Selected IPsec Files and Commands

| IPsec Utility or File | Description | Man Page |
| --- | --- | --- |
| /etc/inet/ipsecinit.conf file | IPsec policy file. If this file exists, IPsec is activated at boot time. | ipsecconf(1M) |
| ipsecconf command | IPsec policy command. The boot scripts use ipsecconf to read the /etc/inet/ipsecinit.conf file and activate IPsec. Useful for viewing and modifying the current IPsec policy, and for testing. | ipsecconf(1M) |
| PF_KEY socket interface | Interface for security associations database (SADB). Handles manual key management and automatic key management. | pf_key(7P) |
| ipseckey command | IPsec security associations (SAs) keying command. ipseckey is a command-line front end to the PF_KEY interface. ipseckey can create, destroy, or modify SAs. | ipseckey(1M) |
| /etc/inet/secret/ipseckeys file | Keys for IPsec SAs. If the ipsecinit.conf file exists, the ipseckeys file is automatically read at boot time. | |
| ipsecalgs command | IPsec algorithms command. Useful for viewing and modifying the list of IPsec algorithms and their properties. | ipsecalgs(1M) |
| /etc/inet/ipsecalgs file | Contains the configured IPsec protocols and algorithm definitions. This file is managed by the ipsecalgs utility and must never be edited manually. | |
| /etc/inet/ike/config file | IKE configuration and policy file. If this file exists, the IKE daemon, in.iked, provides automatic key management. The management is based on rules and global parameters in the /etc/inet/ike/config file. See IKE Utilities and Files. | ike.config(4) |