This discussion is archived
1 Reply Latest reply: Aug 12, 2010 10:39 AM by 807567 RSS

ipsec/ike packages for Solaris 10 x86

807567 Newbie
Currently Being Moderated
# cat /etc/release
Solaris 10 8/07 s10x_u4wos_12b X86
Copyright 2007 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 16 August 2007

# svcadm enable svc:/network/ipsec/policy:default
svcadm: Pattern 'svc:/network/ipsec/policy:default' doesn't match any instances
# svcs -x svc:/network/ipsec/ike:default
svcs: Pattern 'svc:/network/ipsec/ike:default' doesn't match any instances

bash-3.00# svcs -l ike
svcs: Pattern 'ike' doesn't match any instances

bash-3.00# pkginfo |grep -i cry
system SUNWcrman Encryption Kit On-Line Manual Pages
system SUNWcry Crypt Utilities
system SUNWcryr Solaris Root Crypto
system SUNWdcaf DCA Crypto Accelerator (usr)
system SUNWdcar DCA Crypto Accelerator (Root)
EVO146 SUNWlibgcrypt Libgcrypt - Cryptographic Library
EVO146 SUNWlibgcrypt-devel Libgcrypt - Cryptographic Library - developer files

What package am I missing?
Thanks.
  • 1. Re: ipsec/ike packages for Solaris 10 x86
    807567 Newbie
    Currently Being Moderated
    SMF control for IPSEC didn't come along until Solaris 10 5/09. You would need this release (this ability is not provided by patches) in order to control ipsec via SMF:

    docs.sun.com Home > Solaris 10 What's New Collection > Solaris 10 5/09 What's New > 1. What's New in the Solaris 10 5/09 Release

    SMF Services for IPsec

    IP security (IPsec) is now managed by the following Solaris Management Facility (SMF) services:

    * svc:/network/ipsec/policy:default – The policy service checks for the /etc/inet/ipsecinit.conf file and feeds the data into the IPsec Security Policy Database (SPD). The policy service must be started and its file, /etc/inet/ipsecinit.conf, must exist for boot-time IPsec policy configuration.
    * svc:/network/ipsec/ike:default – The ike service controls the Internet Key Exchange (IKE) daemon in iked(1M). This service controls ike in a manner similar to other daemon-controlled services like ssh or sendmail.
    * svc:/network/ipsec/manual-key:default – The manual-key service checks for the /etc/inet/secret/ipseckeys file and feeds the keys into the IPsec Security Association Database (SADB). Prior to SMF, the mere existence of the /etc/inet/secret/ipseckeys file was sufficient, but now the service should also be enabled to load manual IPsec keys.
    * svc:/network/ipsec/ipsecalgs:default – The ipsecalgs service is enabled by default and maps Solaris Cryptographic Framework algorithms to their use in IPsec. Changes enabled with ipsecalgs(1M) subsequently refresh the ipsecalgs service.

    The SMF management brings all the SMF features to IPsec, for example, interface consistency, capability of restarting, and fault-tracking.