#
# Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
#

#
# ikev2.config - Configuration file for the IKEv2 daemon
#
# This file should be edited using pfedit(1M) by a user who has been
# assigned the "Network IPsec Management" rights profile. Editing this
# file directly as root is not recommended. pfedit(1M) preserves the
# correct ownership of this file, which is userid "ikeuser".
#
# See rbac(5) for information on assigning a rights profile to delegate
# administrative control.
#
# This file contains a very simple example of a configuration file for
# the IKEv2 daemon. This example will allow the IKEv2 daemon to provide keying
# material between the two hosts shown in the rule below.
#
# Consult the man page for ikev2.config(4) for details or more complicated
# examples.
#
# To enable IKEv2, modify this file to reflect your configuration and
# enable the IKEv2 service:
#
#  svcadm enable svc:/network/ipsec/ike:ikev2
#
# Note: IKE provides keying material for IPsec. The IPsec policy is not
# configured here, see /etc/inet/ipsecinit.sample or ipsecconf(1M). The
# cryptographic algorithms listed in this file are to protect the IKE
# exchanges. They are not necessarily the same as those used by IPsec.
#
#
# Preshared key example
#{
#        label "Example using preshared keys"
#	 auth_method preshared
#        local_addr 10.0.0.1
#        remote_addr 10.0.0.2
#        ikesa_xform { dh_group 14 auth_alg sha256 encr_alg aes }
#}
#
#
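# The above rule requires a preshared key for authentication.
# Add an entry like the following to /etc/inet/ike/ikev2.preshared,
# using the same label as the rule above. The key string shown is only
# a placeholder; replace it with your own secret, which must be the
# same on both peers.
#
# For more details, see the ikev2.preshared(4) man page.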
#
#{
#	label "Example using preshared keys"
#	key "This is my secret key string"
#}
#
# Certificate example
#{
#	label "Example using certificates"
#
#	auth_method cert
#	# Notice the "DN ="; all certspecs are prepended with "TYPE="
#	local_id EMAIL = "joe@nowhere.net"
#	remote_id DN = "C=US, ST=MA, O=Sun, OU=QA, CN=master"
#	remote_addr 10.0.1.95
#	local_addr 10.0.1.93
#	ikesa_xform { dh_group 21 auth_alg sha512 encr_alg aes }
#}
#
# The above rule requires certificates for authentication.
# Certificates are administered using the ikev2cert(1M) command,
# which operates on the IKEv2 PKCS#11 keystore.  See pkcs11_softtoken(5)
# for details.
#