System Administration Guide: IP Services

What's New in IPsec?

Solaris Express, Developer Edition 2/07: In this release, IPsec fully implements tunnels in tunnel mode, and modifies the utilities that support tunnels.

  • IPsec implements tunnels in tunnel mode for Virtual Private Networks (VPNs). In tunnel mode, IPsec supports multiple clients behind a single NAT. In tunnel mode, IPsec is interoperable with implementations of IP-in-IP tunnels by other vendors. IPsec continues to support tunnels in transport mode, so it is compatible with earlier Solaris releases.

  • The syntax to create a tunnel is simplified. To manage IPsec policy, the ipsecconf command has been expanded. The ifconfig command is deprecated for managing IPsec policy.

In this release, the /etc/ipnodes file is removed. Use the /etc/hosts file to configure network IPv6 addresses.

Solaris 10 1/06: In this release, IKE is fully compliant with NAT-Traversal support as described in RFC 3947 and RFC 3948. IKE operations use the PKCS #11 library from the cryptographic framework, which improves performance.

The cryptographic framework provides a softtoken keystore for applications that use the metaslot. When IKE uses the metaslot, you have the option of storing the keys on disk, on an attached board, or in the softtoken keystore.
