1 IKE.CONFIG(4) File Formats IKE.CONFIG(4) 2 3 4 5 NAME 6 ike.config - configuration file for IKE policy 7 8 SYNOPSIS 9 /etc/inet/ike/config 10 11 12 DESCRIPTION 13 The /etc/inet/ike/config file contains rules for matching inbound IKE 14 requests. It also contains rules for preparing outbound IKE requests. 15 16 17 You can test the syntactic correctness of an /etc/inet/ike/config file 18 by using the -c or -f options of in.iked(1M). You must use the -c option 19 to test a config file. You might need to use the -f option if it is not 20 in /etc/inet/ike/config. 21 22 Lexical Components 23 On any line, an unquoted # character introduces a comment. The 24 remainder of that line is ignored. Additionally, on any line, an 25 unquoted // sequence introduces a comment. The remainder of that line 26 is ignored. 27 28 29 There are several types of lexical tokens in the ike.config file: 30 31 num 32 A decimal, hex, or octal number representation is as in 'C'. 33 34 35 IPaddr/prefix/range 36 An IPv4 or IPv6 address with an optional /NNN suffix, (where NNN is 37 a num) that indicates an address (CIDR) prefix (for example, 38 10.1.2.0/24). An optional /ADDR suffix (where ADDR is a second IP 39 address) indicates an address/mask pair (for example, 40 10.1.2.0/255.255.255.0). An optional -ADDR suffix (where ADDR is a 41 second IPv4 address) indicates an inclusive range of addresses (for 42 example, 10.1.2.0-10.1.2.255). The / or - can be surrounded by an 43 arbitrary amount of white space. 44 45 46 XXX | YYY | ZZZ 47 Either the words XXX, YYY, or ZZZ, for example, {yes,no}. 48 49 50 p1-id-type 51 An IKE phase 1 identity type. IKE phase 1 identity types include: 52 dn, DN 53 dns, DNS 54 fqdn, FQDN 55 gn, GN 56 ip, IP 57 ipv4 58 ipv4_prefix 59 ipv4_range 60 ipv6 61 ipv6_prefix 62 ipv6_range 63 mbox, MBOX 64 user_fqdn 65 66 67 "string" 68 A quoted string. 69 70 Examples include:"Label foo", or "C=US, OU=Sun Microsystems\, Inc., 71 N=olemcd@eng.example.com" 72 73 A backslash (\) is an escape character. If the string needs an 74 actual backslash, two must be specified. 75 76 77 cert-sel 78 A certificate selector, a string which specifies the identities of 79 zero or more certificates. The specifiers can conform to X.509 80 naming conventions. 81 82 A cert-sel can also use various shortcuts to match either subject 83 alternative names, the filename or slot of a certificate in 84 /etc/inet/ike/publickeys, or even the ISSUER. For example: 85 86 "SLOT=0" 87 "EMAIL=postmaster@domain.org" 88 "webmaster@domain.org" # Some just work w/o TYPE= 89 "IP=10.0.0.1" 90 "10.21.11.11" # Some just work w/o TYPE= 91 "DNS=www.domain.org" 92 "mailhost.domain.org" # Some just work w/o TYPE= 93 "ISSUER=C=US, O=Sun Microsystems\, Inc., CN=Sun CA" 94 95 96 Any cert-sel preceded by the character ! indicates a negative match, 97 that is, not matching this specifier. These are the same kind of 98 strings used in ikecert(1M). 99 100 101 ldap-list 102 A quoted, comma-separated list of LDAP servers and ports. 103 104 For example, "ldap1.example.com", "ldap1.example.com:389", 105 "ldap1.example.com:389,ldap2.example.com". 106 107 The default port for LDAP is 389. 108 109 110 parameter-list 111 A list of parameters. 112 113 114 File Body Entries 115 There are four main types of entries: 116 117 o global parameters 118 119 o IKE phase 1 transform defaults 120 121 o IKE rule defaults 122 123 o IKE rules 124 125 126 The global parameter entries are as follows: 127 128 cert_root cert-sel 129 The X.509 distinguished name of a certificate that is a trusted 130 root CA certificate.It must be encoded in a file in the 131 /etc/inet/ike/publickeys directory. It must have a CRL in 132 /etc/inet/ike/crls. Multiple cert_root parameters aggregate. 133 134 135 cert_trust cert-sel 136 Specifies an X.509 distinguished name of a certificate that is 137 self-signed, or has otherwise been verified as trustworthy for 138 signing IKE exchanges. It must be encoded in a file in 139 /etc/inet/ike/publickeys. Multiple cert_trust parameters aggregate. 140 141 142 expire_timer integer 143 The number of seconds to let a not-yet-complete IKE Phase I (Main 144 Mode) negotiation linger before deleting it. Default value: 300 145 seconds. 146 147 148 ignore_crls 149 If this keyword is present in the file, in.iked(1M) ignores 150 Certificate Revocation Lists (CRLs) for root CAs (as given in 151 cert_root) 152 153 154 ldap_server ldap-list 155 A list of LDAP servers to query for certificates. The list can be 156 additive. 157 158 159 pkcs11_path string 160 The string that follows is a name of a shared object (.so) that 161 implements the PKCS#11 standard. The name is passed directly into 162 dlopen(3C) for linking, with all of the semantics of that library 163 call. By default, in.iked(1M) runs the same ISA as the running 164 kernel, so a library specified using pkcs11_path and an absolute 165 pathname must match the same ISA as the kernel. One can use the 166 start/exec SMF property (see svccfg(1M)) to change in.iked's ISA, 167 but it is not recommended. 168 169 If this setting is not present, the default value is set to 170 libpkcs11.so. Most cryptographic providers go through the default 171 library, and this parameter should only be used if a specialized 172 provider of IKE-useful cryptographic services cannot interface with 173 the Solaris Cryptographic Framework. See cryptoadm(1M). 174 175 This option is now deprecated, and may be removed in a future 176 release. 177 178 179 retry_limit integer 180 The number of retransmits before any IKE negotiation is aborted. 181 Default value: 5 times. 182 183 184 retry_timer_init integer or float 185 The initial interval (in seconds) between retransmits. This 186 interval is doubled until the retry_timer_max value (see below) is 187 reached. Default value: 0.5 seconds. 188 189 190 retry_timer_max integer or float 191 The maximum interval (in seconds) between retransmits. The doubling 192 retransmit interval stops growing at this limit. Default value: 30 193 seconds. 194 195 Note - 196 197 This value is never reached with the default configuration. The 198 longest interval is 8 (0.5 * 2 ^ (5 - 1)) seconds. 199 200 201 proxy string 202 The string following this keyword must be a URL for an HTTP proxy, 203 for example, http://proxy:8080. 204 205 206 socks string 207 The string following this keyword must be a URL for a SOCKS proxy, 208 for example, socks://socks-proxy. 209 210 211 use_http 212 If this keyword is present in the file, in.iked(1M) uses HTTP to 213 retrieve Certificate Revocation Lists (CRLs). 214 215 216 217 The following IKE phase 1 transform parameters can be prefigured using 218 file-level defaults. Values specified within any given transform 219 override these defaults. 220 221 222 The IKE phase 1 transform defaults are as follows: 223 224 p1_lifetime_secs num 225 The proposed default lifetime, in seconds, of an IKE phase 1 226 security association (SA). 227 228 229 p1_nonce_len num 230 The length in bytes of the phase 1 (quick mode) nonce data. This 231 cannot be specified on a per-rule basis. 232 233 234 235 The following IKE rule parameters can be prefigured using file-level 236 defaults. Values specified within any given rule override these 237 defaults, unless a rule cannot. 238 239 p2_lifetime_secs num 240 The proposed default lifetime, in seconds, of an IKE phase 2 241 security association (SA). This value is optional. If omitted, a 242 default value is used. 243 244 245 p2_softlife_secs num 246 The soft lifetime of a phase 2 SA, in seconds. If this value is 247 specified, the SA soft expires after the number of seconds 248 specified by p2_softlife_secs. This causes in.iked to renegotiate a 249 new phase 2 SA before the original SA expires. 250 251 This value is optional, if omitted soft expiry occurs after 90% of 252 the lifetime specified by p2_lifetime_secs. The value specified by 253 p2_softlife_secs is ignored if p2_lifetime_secs is not specified. 254 255 Setting p2_softlife_secs to the same value as p2_lifetime_secs 256 disables soft expires. 257 258 259 p2_idletime_secs num 260 The idle lifetime of a phase 2 SA, in seconds. If the value is 261 specified, the value specifies the lifetime of the SA, if the 262 security association is not used before the SA is revalidated. 263 264 265 p2_lifetime_kb num 266 The lifetime of an SA can optionally be specified in kilobytes. 267 This parameter specifies the default value. If lifetimes are 268 specified in both seconds and kilobytes, the SA expires when either 269 the seconds or kilobyte threshholds are passed. 270 271 272 p2_softlife_kb num 273 This value is the number of kilobytes that can be protected by an 274 SA before a soft expire occurs (see p2_softlife_secs, above). 275 276 This value is optional. If omitted, soft expiry occurs after 90% of 277 the lifetime specified by p2_lifetime_kb. The value specified by 278 p2_softlife_kb is ignored if p2_lifetime_kb is not specified. 279 280 281 p2_nonce_len num 282 The length in bytes of the phase 2 (quick mode) nonce data. This 283 cannot be specified on a per-rule basis. 284 285 286 local_id_type p1-id-type 287 The local identity for IKE requires a type. This identity type is 288 reflected in the IKE exchange. The type can be one of the 289 following: 290 291 o an IP address (for example, 10.1.1.2) 292 293 o DNS name (for example, test.domain.com) 294 295 o MBOX RFC 822 name (for example, root@domain.com) 296 297 o DNX.509 distinguished name (for example, C=US, O=Sun 298 Microsystems, Inc., CN=Sun Test cert) 299 300 301 p1_xform '{' parameter-list '} 302 A phase 1 transform specifies a method for protecting an IKE phase 303 1 exchange. An initiator offers up lists of phase 1 transforms, 304 and a receiver is expected to only accept such an entry if it 305 matches one in a phase 1 rule. There can be several of these, and 306 they are additive. There must be either at least one phase 1 307 transform in a rule or a global default phase 1 transform list. In 308 a configuration file without a global default phase 1 transform 309 list and a rule without a phase, transform list is an invalid file. 310 Unless specified as optional, elements in the parameter-list must 311 occur exactly once within a given transform's parameter-list: 312 313 oakley_group number 314 The Oakley Diffie-Hellman group used for IKE SA key derivation. 315 The group numbers are defined in RFC 2409, Appendix A, RFC 316 3526, and RFC 5114, section 3.2. Acceptable values are 317 currently: 318 1 (MODP 768-bit) 319 2 (MODP 1024-bit) 320 3 (EC2N 155-bit) 321 4 (EC2N 185-bit) 322 5 (MODP 1536-bit) 323 14 (MODP 2048-bit) 324 15 (MODP 3072-bit) 325 16 (MODP 4096-bit) 326 17 (MODP 6144-bit) 327 18 (MODP 8192-bit) 328 19 (ECP 256-bit) 329 20 (ECP 384-bit) 330 21 (ECP 521-bit) 331 22 (MODP 1024-bit, with 160-bit Prime Order Subgroup) 332 23 (MODP 2048-bit, with 224-bit Prime Order Subgroup) 333 24 (MODP 2048-bit, with 256-bit Prime Order Subgroup) 334 25 (ECP 192-bit) 335 26 (ECP 224-bit) 336 337 338 encr_alg {3des, 3des-cbc, blowfish, blowfish-cdc, des, des-cbc, aes, 339 aes-cbc} 340 An encryption algorithm, as in ipsecconf(1M). However, of the 341 ciphers listed above, only aes and aes-cbc allow optional key- 342 size setting, using the "low value-to-high value" syntax. To 343 specify a single AES key size, the low value must equal the 344 high value. If no range is specified, all three AES key sizes 345 are allowed. 346 347 348 auth_alg {md5, sha, sha1, sha256, sha384, sha512} 349 An authentication algorithm. 350 351 Use ipsecalgs(1M) with the -l option to list the IPsec protocols 352 and algorithms currently defined on a system. The cryptoadm 353 list command diplays a list of installed providers and their 354 mechanisms. See cryptoadm(1M). 355 356 357 auth_method {preshared, rsa_sig, rsa_encrypt, dss_sig} 358 The authentication method used for IKE phase 1. 359 360 361 p1_lifetime_secs num 362 Optional. The lifetime for a phase 1 SA. 363 364 365 366 p2_lifetime_secs num 367 If configuring the kernel defaults is not sufficient for different 368 tasks, this parameter can be used on a per-rule basis to set the 369 IPsec SA lifetimes in seconds. 370 371 372 p2_pfs num 373 Use perfect forward secrecy for phase 2 (quick mode). If selected, 374 the oakley group specified is used for phase 2 PFS. Acceptable 375 values are: 376 0 (do not use Perfect Forward Secrecy for IPsec SAs) 377 1 (768-bit) 378 2 (1024-bit) 379 5 (1536-bit) 380 14 (2048-bit) 381 15 (3072-bit) 382 16 (4096-bit) 383 384 385 386 An IKE rule starts with a right-curly-brace ({), ends with a left-curly- 387 brace (}), and has the following parameters in between: 388 389 label string 390 Required parameter. The administrative interface to in.iked looks 391 up phase 1 policy rules with the label as the search string. The 392 administrative interface also converts the label into an index, 393 suitable for an extended ACQUIRE message from PF_KEY - effectively 394 tying IPsec policy to IKE policy in the case of a node initiating 395 traffic. Only one label parameter is allowed per rule. 396 397 398 local_addr <IPaddr/prefix/range> 399 Required parameter. The local address, address prefix, or address 400 range for this phase 1 rule. Multiple local_addr parameters 401 accumulate within a given rule. 402 403 404 remote_addr <IPaddr/prefix/range> 405 Required parameter. The remote address, address prefix, or address 406 range for this phase 1 rule. Multiple remote_addr parameters 407 accumulate within a given rule. 408 409 410 local_id_type p1-id-type 411 Which phase 1 identity type I uses. This is needed because a single 412 certificate can contain multiple values for use in IKE phase 1. 413 Within a given rule, all phase 1 transforms must either use 414 preshared or non-preshared authentication (they cannot be mixed). 415 For rules with preshared authentication, the local_id_type 416 parameter is optional, and defaults to IP. For rules which use non- 417 preshared authentication, the 'local_id_type' parameter is 418 required. Multiple 'local_id_type' parameters within a rule are not 419 allowed. 420 421 422 local_id cert-sel 423 Disallowed for preshared authentication method; required parameter 424 for non-preshared authentication method. The local identity string 425 or certificate selector. Only one local identity per rule is used, 426 the first one stated. 427 428 429 remote_id cert-sel 430 Disallowed for preshared authentication method; required parameter 431 for non-preshared authentication method. Selector for which remote 432 phase 1 identities are allowed by this rule. Multiple remote_id 433 parameters accumulate within a given rule. If a single empty string 434 ("") is given, then this accepts any remote ID for phase 1. It is 435 recommended that certificate trust chains or address enforcement be 436 configured strictly to prevent a breakdown in security if this 437 value for remote_id is used. 438 439 440 p2_lifetime_secs num 441 If configuring the kernel defaults is not sufficient for different 442 tasks, this parameter can be used on a per-rule basis to set the 443 IPsec SA lifetimes in seconds. 444 445 446 p2_pfs num 447 Use perfect forward secrecy for phase 2 (quick mode). If selected, 448 the oakley group specified is used for phase 2 PFS. Acceptable 449 values are: 450 0 (do not use Perfect Forward Secrecy for IPsec SAs) 451 1 (768-bit) 452 2 (1024-bit) 453 5 (1536-bit) 454 14 (2048-bit) 455 15 (3072-bit) 456 16 (4096-bit) 457 458 459 p1_xform { parameter-list } 460 A phase 1 transform specifies a method for protecting an IKE phase 461 1 exchange. An initiator offers up lists of phase 1 transforms, 462 and a receiver is expected to only accept such an entry if it 463 matches one in a phase 1 rule. There can be several of these, and 464 they are additive. There must be either at least one phase 1 465 transform in a rule or a global default phase 1 transform list. A 466 ike.config file without a global default phase 1transform list and 467 a rule without a phase 1 transform list is an invalid file. 468 Elements within the parameter-list; unless specified as optional, 469 must occur exactly once within a given transform's parameter-list: 470 471 oakley_group number 472 The Oakley Diffie-Hellman group used for IKE SA key derivation. 473 Acceptable values are currently: 474 1 (768-bit) 475 2 (1024-bit) 476 5 (1536-bit) 477 14 (2048-bit) 478 15 (3072-bit) 479 16 (4096-bit) 480 481 482 encr_alg {3des, 3des-cbc, blowfish, blowfish-cdc, des, des-cbc, aes, 483 aes-cbc} 484 An encryption algorithm, as in ipsecconf(1M). However, of the 485 ciphers listed above, only aes and aes-cbc allow optional key- 486 size setting, using the "low value-to-high value" syntax. To 487 specify a single AES key size, the low value must equal the 488 high value. If no range is specified, all three AES key sizes 489 are allowed. 490 491 492 auth_alg {md5, sha, sha1} 493 An authentication algorithm, as specified in ipseckey(1M). 494 495 496 auth_method {preshared, rsa_sig, rsa_encrypt, dss_sig} 497 The authentication method used for IKE phase 1. 498 499 500 p1_lifetime_secs num 501 Optional. The lifetime for a phase 1 SA. 502 503 504 505 EXAMPLES 506 Example 1 A Sample ike.config File 507 508 509 The following is an example of an ike.config file: 510 511 512 513 ### BEGINNING OF FILE 514 515 ### First some global parameters... 516 517 ### certificate parameters... 518 519 # Root certificates. I SHOULD use a full Distinguished Name. 520 # I must have this certificate in my local filesystem, see ikecert(1m). 521 cert_root "C=US, O=Sun Microsystems\, Inc., CN=Sun CA" 522 523 # Explicitly trusted certs that need no signatures, or perhaps 524 # self-signed ones. Like root certificates, use full DNs for them 525 # for now. 526 cert_trust "EMAIL=root@domain.org" 527 528 # Where do I send LDAP requests? 529 ldap_server "ldap1.domain.org,ldap2.domain.org:389" 530 531 ## phase 1 transform defaults... 532 533 p1_lifetime_secs 14400 534 p1_nonce_len 20 535 536 ## Parameters that might also show up in rules. 537 538 p1_xform { auth_method preshared oakley_group 5 auth_alg sha 539 encr_alg 3des } 540 p2_pfs 2 541 542 543 544 ### Now some rules... 545 546 { 547 label "simple inheritor" 548 local_id_type ip 549 local_addr 10.1.1.1 550 remote_addr 10.1.1.2 551 } 552 { 553 label "simple inheritor IPv6" 554 local_id_type ipv6 555 local_addr fe80::a00:20ff:fe7d:6 556 remote_addr fe80::a00:20ff:fefb:3780 557 } 558 559 { 560 # an index-only rule. If I'm a receiver, and all I 561 # have are index-only rules, what do I do about inbound IKE requests? 562 # Answer: Take them all! 563 564 label "default rule" 565 # Use whatever "host" (e.g. IP address) identity is appropriate 566 local_id_type ipv4 567 568 local_addr 0.0.0.0/0 569 remote_addr 0.0.0.0/0 570 571 p2_pfs 5 572 573 # Now I'm going to have the p1_xforms 574 p1_xform 575 {auth_method preshared oakley_group 5 auth_alg md5 encr_alg \ 576 blowfish } p1_xform 577 {auth_method preshared oakley_group 5 auth_alg md5 encr_alg 3des } 578 579 # After said list, another keyword (or a '}') stops xform 580 # parsing. 581 } 582 583 { 584 # Let's try something a little more conventional. 585 586 label "host to .80 subnet" 587 local_id_type ip 588 local_id "10.1.86.51" 589 590 remote_id "" # Take any, use remote_addr for access control. 591 592 local_addr 10.1.86.51 593 remote_addr 10.1.80.0/24 594 595 p1_xform 596 { auth_method rsa_sig oakley_group 5 auth_alg md5 encr_alg 3des } 597 p1_xform 598 { auth_method rsa_sig oakley_group 5 auth_alg md5 encr_alg \ 599 blowfish } 600 p1_xform 601 { auth_method rsa_sig oakley_group 5 auth_alg sha1 encr_alg 3des } 602 p1_xform 603 { auth_method rsa_sig oakley_group 5 auth_alg sha1 encr_alg \ 604 blowfish } 605 } 606 607 { 608 # Let's try something a little more conventional, but with ipv6. 609 610 label "host to fe80::/10 subnet" 611 local_id_type ip 612 local_id "fe80::a00:20ff:fe7d:6" 613 614 remote_id "" # Take any, use remote_addr for access control. 615 616 local_addr fe80::a00:20ff:fe7d:6 617 remote_addr fe80::/10 618 619 p1_xform 620 { auth_method rsa_sig oakley_group 5 auth_alg md5 encr_alg 3des } 621 p1_xform 622 { auth_method rsa_sig oakley_group 5 auth_alg md5 encr_alg \ 623 blowfish } 624 p1_xform 625 { auth_method rsa_sig oakley_group 5 auth_alg sha1 encr_alg \ 626 3des } 627 p1_xform 628 { auth_method rsa_sig oakley_group 5 auth_alg sha1 encr_alg \ 629 blowfish } 630 } 631 632 { 633 # How 'bout something with a different cert type and name? 634 635 label "punchin-point" 636 local_id_type mbox 637 local_id "ipsec-wizard@domain.org" 638 639 remote_id "10.5.5.128" 640 641 local_addr 0.0.0.0/0 642 remote_addr 10.5.5.128 643 644 p1_xform 645 { auth_method rsa_sig oakley_group 5 auth_alg md5 encr_alg \ 646 blowfish } 647 } 648 649 { 650 label "receiver side" 651 652 remote_id "ipsec-wizard@domain.org" 653 654 local_id_type ip 655 local_id "10.5.5.128" 656 657 local_addr 10.5.5.128 658 remote_addr 0.0.0.0/0 659 660 p1_xform 661 { auth_method rsa_sig oakley_group 5 auth_alg md5 encr_alg blowfish } 662 # NOTE: Specifying preshared null-and-voids the remote_id/local_id 663 # fields. 664 p1_xform 665 { auth_method preshared oakley_group 5 auth_alg md5 encr_alg \ 666 blowfish} 667 668 } 669 670 671 ATTRIBUTES 672 See attributes(5) for descriptions of the following attributes: 673 674 675 676 677 +--------------------+-----------------+ 678 | ATTRIBUTE TYPE | ATTRIBUTE VALUE | 679 +--------------------+-----------------+ 680 |Interface Stability | Committed | 681 +--------------------+-----------------+ 682 683 SEE ALSO 684 cryptoadm(1M), ikeadm(1M), in.iked(1M), ikecert(1M), ipseckey(1M), 685 ipsecalgs(1M), ipsecconf(1M), svccfg(1M), dlopen(3C), attributes(5), 686 random(7D) 687 688 689 Harkins, Dan and Carrel, Dave. RFC 2409, Internet Key Exchange (IKE). 690 Cisco Systems, November 1998. 691 692 693 Maughan, Douglas et. al. RFC 2408, Internet Security Association and 694 Key Management Protocol (ISAKMP). National Security Agency, Ft. Meade, 695 MD. November 1998. 696 697 698 Piper, Derrell. RFC 2407, The Internet IP Security Domain of 699 Interpretation for ISAKMP. Network Alchemy. Santa Cruz, California. 700 November 1998. 701 702 703 Kivinen, T. RFC 3526, More Modular Exponential (MODP) Diffie-Hellman 704 Groups for Internet Key Exchange (IKE). The Internet Society, Network 705 Working Group. May 2003. 706 707 708 Lepinksi, M. and Kent, S. RFC 5114, Additional Diffie-Hellman Groups for 709 Use with IETF Standards. BBN Technologies, January 2008. 710 711 712 Fu, D. and Solinas, J. RFC 5903, Elliptic Curve Groups modulo a Prime 713 (ECP Groups) for IKE and IKEv2. NSA, June 2010. 714 715 716 717 April 27, 2009 IKE.CONFIG(4)