System Administration Guide: IP Services
Previous Next

IPsec Utilities and Files

Table 19-3 describes the files and commands that are used to configure and manage IPsec. For completeness, the table includes key management files and commands.

Table 19-3 List of Selected IPsec Files and Commands

IPsec Utility or File


Man Page

/etc/inet/ipsecinit.conf file

IPsec policy file. If this file exists, IPsec is activated at boot time.


ipsecconf command

IPsec policy command. The boot scripts use ipsecconf to read the /etc/inet/ipsecinit.conf file and activate IPsec. Useful for viewing and modifying the current IPsec policy, and for testing.


PF_KEY socket interface

Interface for security associations database (SADB). Handles manual key management and automatic key management.


ipseckey command

IPsec security associations (SAs) keying command. ipseckey is a command-line front end to the PF_KEY interface. ipseckey can create, destroy, or modify SAs.


/etc/inet/secret/ipseckeys file

Keys for IPsec SAs. If the ipsecinit.conf file exists, the ipseckeys file is automatically read at boot time.

ipsecalgs command

IPsec algorithms command. Useful for viewing and modifying the list of IPsec algorithms and their properties.


/etc/inet/ipsecalgs file

Contains the configured IPsec protocols and algorithm definitions. This file is managed by the ipsecalgs utility and must never be edited manually.

/etc/inet/ike/config file

IKE configuration and policy file. If this file exists, the IKE daemon, in.iked, provides automatic key management. The management is based on rules and global parameters in the /etc/inet/ike/config file. See IKE Utilities and Files.


Previous Next