1 IKE.CONFIG(4) File Formats IKE.CONFIG(4)
2
3
4
5 NAME
6 ike.config - configuration file for IKE policy
7
8 SYNOPSIS
9 /etc/inet/ike/config
10
11
12 DESCRIPTION
13 The /etc/inet/ike/config file contains rules for matching inbound IKE
14 requests. It also contains rules for preparing outbound IKE requests.
15
16
17 You can test the syntactic correctness of an /etc/inet/ike/config file
18 by using the -c or -f options of in.iked(1M). You must use the -c option
19 to test a config file. You might need to use the -f option if it is not
20 in /etc/inet/ike/config.
21
22 Lexical Components
23 On any line, an unquoted # character introduces a comment. The
24 remainder of that line is ignored. Additionally, on any line, an
25 unquoted // sequence introduces a comment. The remainder of that line
26 is ignored.
27
28
29 There are several types of lexical tokens in the ike.config file:
30
31 num
32 A decimal, hex, or octal number representation is as in 'C'.
33
34
35 IPaddr/prefix/range
36 An IPv4 or IPv6 address with an optional /NNN suffix, (where NNN is
37 a num) that indicates an address (CIDR) prefix (for example,
38 10.1.2.0/24). An optional /ADDR suffix (where ADDR is a second IP
39 address) indicates an address/mask pair (for example,
40 10.1.2.0/255.255.255.0). An optional -ADDR suffix (where ADDR is a
41 second IPv4 address) indicates an inclusive range of addresses (for
42 example, 10.1.2.0-10.1.2.255). The / or - can be surrounded by an
43 arbitrary amount of white space.
44
45
46 XXX | YYY | ZZZ
47 Either the words XXX, YYY, or ZZZ, for example, {yes,no}.
48
49
50 p1-id-type
51 An IKE phase 1 identity type. IKE phase 1 identity types include:
52 dn, DN
53 dns, DNS
54 fqdn, FQDN
55 gn, GN
56 ip, IP
57 ipv4
58 ipv4_prefix
59 ipv4_range
60 ipv6
61 ipv6_prefix
62 ipv6_range
63 mbox, MBOX
64 user_fqdn
65
66
67 "string"
68 A quoted string.
69
70 Examples include:"Label foo", or "C=US, OU=Sun Microsystems\, Inc.,
71 N=olemcd@eng.example.com"
72
73 A backslash (\) is an escape character. If the string needs an
74 actual backslash, two must be specified.
75
76
77 cert-sel
78 A certificate selector, a string which specifies the identities of
79 zero or more certificates. The specifiers can conform to X.509
80 naming conventions.
81
82 A cert-sel can also use various shortcuts to match either subject
83 alternative names, the filename or slot of a certificate in
84 /etc/inet/ike/publickeys, or even the ISSUER. For example:
85
86 "SLOT=0"
87 "EMAIL=postmaster@domain.org"
88 "webmaster@domain.org" # Some just work w/o TYPE=
89 "IP=10.0.0.1"
90 "10.21.11.11" # Some just work w/o TYPE=
91 "DNS=www.domain.org"
92 "mailhost.domain.org" # Some just work w/o TYPE=
93 "ISSUER=C=US, O=Sun Microsystems\, Inc., CN=Sun CA"
94
95
96 Any cert-sel preceded by the character ! indicates a negative match,
97 that is, not matching this specifier. These are the same kind of
98 strings used in ikecert(1M).
99
100
101 ldap-list
102 A quoted, comma-separated list of LDAP servers and ports.
103
104 For example, "ldap1.example.com", "ldap1.example.com:389",
105 "ldap1.example.com:389,ldap2.example.com".
106
107 The default port for LDAP is 389.
108
109
110 parameter-list
111 A list of parameters.
112
113
114 File Body Entries
115 There are four main types of entries:
116
117 o global parameters
118
119 o IKE phase 1 transform defaults
120
121 o IKE rule defaults
122
123 o IKE rules
124
125
126 The global parameter entries are as follows:
127
128 cert_root cert-sel
129 The X.509 distinguished name of a certificate that is a trusted
130 root CA certificate.It must be encoded in a file in the
131 /etc/inet/ike/publickeys directory. It must have a CRL in
132 /etc/inet/ike/crls. Multiple cert_root parameters aggregate.
133
134
135 cert_trust cert-sel
136 Specifies an X.509 distinguished name of a certificate that is
137 self-signed, or has otherwise been verified as trustworthy for
138 signing IKE exchanges. It must be encoded in a file in
139 /etc/inet/ike/publickeys. Multiple cert_trust parameters aggregate.
140
141
142 expire_timer integer
143 The number of seconds to let a not-yet-complete IKE Phase I (Main
144 Mode) negotiation linger before deleting it. Default value: 300
145 seconds.
146
147
148 ignore_crls
149 If this keyword is present in the file, in.iked(1M) ignores
150 Certificate Revocation Lists (CRLs) for root CAs (as given in
151 cert_root)
152
153
154 ldap_server ldap-list
155 A list of LDAP servers to query for certificates. The list can be
156 additive.
157
158
159 pkcs11_path string
160 The string that follows is a name of a shared object (.so) that
161 implements the PKCS#11 standard. The name is passed directly into
162 dlopen(3C) for linking, with all of the semantics of that library
163 call. By default, in.iked(1M) runs the same ISA as the running
164 kernel, so a library specified using pkcs11_path and an absolute
165 pathname must match the same ISA as the kernel. One can use the
166 start/exec SMF property (see svccfg(1M)) to change in.iked's ISA,
167 but it is not recommended.
168
169 If this setting is not present, the default value is set to
170 libpkcs11.so. Most cryptographic providers go through the default
171 library, and this parameter should only be used if a specialized
172 provider of IKE-useful cryptographic services cannot interface with
173 the Solaris Cryptographic Framework. See cryptoadm(1M).
174
175 This option is now deprecated, and may be removed in a future
176 release.
177
178
179 retry_limit integer
180 The number of retransmits before any IKE negotiation is aborted.
181 Default value: 5 times.
182
183
184 retry_timer_init integer or float
185 The initial interval (in seconds) between retransmits. This
186 interval is doubled until the retry_timer_max value (see below) is
187 reached. Default value: 0.5 seconds.
188
189
190 retry_timer_max integer or float
191 The maximum interval (in seconds) between retransmits. The doubling
192 retransmit interval stops growing at this limit. Default value: 30
193 seconds.
194
195 Note -
196
197 This value is never reached with the default configuration. The
198 longest interval is 8 (0.5 * 2 ^ (5 - 1)) seconds.
199
200
201 proxy string
202 The string following this keyword must be a URL for an HTTP proxy,
203 for example, http://proxy:8080.
204
205
206 socks string
207 The string following this keyword must be a URL for a SOCKS proxy,
208 for example, socks://socks-proxy.
209
210
211 use_http
212 If this keyword is present in the file, in.iked(1M) uses HTTP to
213 retrieve Certificate Revocation Lists (CRLs).
214
215
216
217 The following IKE phase 1 transform parameters can be prefigured using
218 file-level defaults. Values specified within any given transform
219 override these defaults.
220
221
222 The IKE phase 1 transform defaults are as follows:
223
224 p1_lifetime_secs num
225 The proposed default lifetime, in seconds, of an IKE phase 1
226 security association (SA).
227
228
229 p1_nonce_len num
230 The length in bytes of the phase 1 (quick mode) nonce data. This
231 cannot be specified on a per-rule basis.
232
233
234
235 The following IKE rule parameters can be prefigured using file-level
236 defaults. Values specified within any given rule override these
237 defaults, unless a rule cannot.
238
239 p2_lifetime_secs num
240 The proposed default lifetime, in seconds, of an IKE phase 2
241 security association (SA). This value is optional. If omitted, a
242 default value is used.
243
244
245 p2_softlife_secs num
246 The soft lifetime of a phase 2 SA, in seconds. If this value is
247 specified, the SA soft expires after the number of seconds
248 specified by p2_softlife_secs. This causes in.iked to renegotiate a
249 new phase 2 SA before the original SA expires.
250
251 This value is optional, if omitted soft expiry occurs after 90% of
252 the lifetime specified by p2_lifetime_secs. The value specified by
253 p2_softlife_secs is ignored if p2_lifetime_secs is not specified.
254
255 Setting p2_softlife_secs to the same value as p2_lifetime_secs
256 disables soft expires.
257
258
259 p2_idletime_secs num
260 The idle lifetime of a phase 2 SA, in seconds. If the value is
261 specified, the value specifies the lifetime of the SA, if the
262 security association is not used before the SA is revalidated.
263
264
265 p2_lifetime_kb num
266 The lifetime of an SA can optionally be specified in kilobytes.
267 This parameter specifies the default value. If lifetimes are
268 specified in both seconds and kilobytes, the SA expires when either
269 the seconds or kilobyte threshholds are passed.
270
271
272 p2_softlife_kb num
273 This value is the number of kilobytes that can be protected by an
274 SA before a soft expire occurs (see p2_softlife_secs, above).
275
276 This value is optional. If omitted, soft expiry occurs after 90% of
277 the lifetime specified by p2_lifetime_kb. The value specified by
278 p2_softlife_kb is ignored if p2_lifetime_kb is not specified.
279
280
281 p2_nonce_len num
282 The length in bytes of the phase 2 (quick mode) nonce data. This
283 cannot be specified on a per-rule basis.
284
285
286 local_id_type p1-id-type
287 The local identity for IKE requires a type. This identity type is
288 reflected in the IKE exchange. The type can be one of the
289 following:
290
291 o an IP address (for example, 10.1.1.2)
292
293 o DNS name (for example, test.domain.com)
294
295 o MBOX RFC 822 name (for example, root@domain.com)
296
297 o DNX.509 distinguished name (for example, C=US, O=Sun
298 Microsystems, Inc., CN=Sun Test cert)
299
300
301 p1_xform '{' parameter-list '}
302 A phase 1 transform specifies a method for protecting an IKE phase
303 1 exchange. An initiator offers up lists of phase 1 transforms,
304 and a receiver is expected to only accept such an entry if it
305 matches one in a phase 1 rule. There can be several of these, and
306 they are additive. There must be either at least one phase 1
307 transform in a rule or a global default phase 1 transform list. In
308 a configuration file without a global default phase 1 transform
309 list and a rule without a phase, transform list is an invalid file.
310 Unless specified as optional, elements in the parameter-list must
311 occur exactly once within a given transform's parameter-list:
312
313 oakley_group number
314 The Oakley Diffie-Hellman group used for IKE SA key derivation.
315 The group numbers are defined in RFC 2409, Appendix A, RFC
316 3526, and RFC 5114, section 3.2. Acceptable values are
317 currently:
318 1 (MODP 768-bit)
319 2 (MODP 1024-bit)
320 3 (EC2N 155-bit)
321 4 (EC2N 185-bit)
322 5 (MODP 1536-bit)
323 14 (MODP 2048-bit)
324 15 (MODP 3072-bit)
325 16 (MODP 4096-bit)
326 17 (MODP 6144-bit)
327 18 (MODP 8192-bit)
328 19 (ECP 256-bit)
329 20 (ECP 384-bit)
330 21 (ECP 521-bit)
331 22 (MODP 1024-bit, with 160-bit Prime Order Subgroup)
332 23 (MODP 2048-bit, with 224-bit Prime Order Subgroup)
333 24 (MODP 2048-bit, with 256-bit Prime Order Subgroup)
334 25 (ECP 192-bit)
335 26 (ECP 224-bit)
336
337
338 encr_alg {3des, 3des-cbc, blowfish, blowfish-cdc, des, des-cbc, aes,
339 aes-cbc}
340 An encryption algorithm, as in ipsecconf(1M). However, of the
341 ciphers listed above, only aes and aes-cbc allow optional key-
342 size setting, using the "low value-to-high value" syntax. To
343 specify a single AES key size, the low value must equal the
344 high value. If no range is specified, all three AES key sizes
345 are allowed.
346
347
348 auth_alg {md5, sha, sha1, sha256, sha384, sha512}
349 An authentication algorithm.
350
351 Use ipsecalgs(1M) with the -l option to list the IPsec protocols
352 and algorithms currently defined on a system. The cryptoadm
353 list command diplays a list of installed providers and their
354 mechanisms. See cryptoadm(1M).
355
356
357 auth_method {preshared, rsa_sig, rsa_encrypt, dss_sig}
358 The authentication method used for IKE phase 1.
359
360
361 p1_lifetime_secs num
362 Optional. The lifetime for a phase 1 SA.
363
364
365
366 p2_lifetime_secs num
367 If configuring the kernel defaults is not sufficient for different
368 tasks, this parameter can be used on a per-rule basis to set the
369 IPsec SA lifetimes in seconds.
370
371
372 p2_pfs num
373 Use perfect forward secrecy for phase 2 (quick mode). If selected,
374 the oakley group specified is used for phase 2 PFS. Acceptable
375 values are:
376 0 (do not use Perfect Forward Secrecy for IPsec SAs)
377 1 (768-bit)
378 2 (1024-bit)
379 5 (1536-bit)
380 14 (2048-bit)
381 15 (3072-bit)
382 16 (4096-bit)
383
384
385
386 An IKE rule starts with a right-curly-brace ({), ends with a left-curly-
387 brace (}), and has the following parameters in between:
388
389 label string
390 Required parameter. The administrative interface to in.iked looks
391 up phase 1 policy rules with the label as the search string. The
392 administrative interface also converts the label into an index,
393 suitable for an extended ACQUIRE message from PF_KEY - effectively
394 tying IPsec policy to IKE policy in the case of a node initiating
395 traffic. Only one label parameter is allowed per rule.
396
397
398 local_addr <IPaddr/prefix/range>
399 Required parameter. The local address, address prefix, or address
400 range for this phase 1 rule. Multiple local_addr parameters
401 accumulate within a given rule.
402
403
404 remote_addr <IPaddr/prefix/range>
405 Required parameter. The remote address, address prefix, or address
406 range for this phase 1 rule. Multiple remote_addr parameters
407 accumulate within a given rule.
408
409
410 local_id_type p1-id-type
411 Which phase 1 identity type I uses. This is needed because a single
412 certificate can contain multiple values for use in IKE phase 1.
413 Within a given rule, all phase 1 transforms must either use
414 preshared or non-preshared authentication (they cannot be mixed).
415 For rules with preshared authentication, the local_id_type
416 parameter is optional, and defaults to IP. For rules which use non-
417 preshared authentication, the 'local_id_type' parameter is
418 required. Multiple 'local_id_type' parameters within a rule are not
419 allowed.
420
421
422 local_id cert-sel
423 Disallowed for preshared authentication method; required parameter
424 for non-preshared authentication method. The local identity string
425 or certificate selector. Only one local identity per rule is used,
426 the first one stated.
427
428
429 remote_id cert-sel
430 Disallowed for preshared authentication method; required parameter
431 for non-preshared authentication method. Selector for which remote
432 phase 1 identities are allowed by this rule. Multiple remote_id
433 parameters accumulate within a given rule. If a single empty string
434 ("") is given, then this accepts any remote ID for phase 1. It is
435 recommended that certificate trust chains or address enforcement be
436 configured strictly to prevent a breakdown in security if this
437 value for remote_id is used.
438
439
440 p2_lifetime_secs num
441 If configuring the kernel defaults is not sufficient for different
442 tasks, this parameter can be used on a per-rule basis to set the
443 IPsec SA lifetimes in seconds.
444
445
446 p2_pfs num
447 Use perfect forward secrecy for phase 2 (quick mode). If selected,
448 the oakley group specified is used for phase 2 PFS. Acceptable
449 values are:
450 0 (do not use Perfect Forward Secrecy for IPsec SAs)
451 1 (768-bit)
452 2 (1024-bit)
453 5 (1536-bit)
454 14 (2048-bit)
455 15 (3072-bit)
456 16 (4096-bit)
457
458
459 p1_xform { parameter-list }
460 A phase 1 transform specifies a method for protecting an IKE phase
461 1 exchange. An initiator offers up lists of phase 1 transforms,
462 and a receiver is expected to only accept such an entry if it
463 matches one in a phase 1 rule. There can be several of these, and
464 they are additive. There must be either at least one phase 1
465 transform in a rule or a global default phase 1 transform list. A
466 ike.config file without a global default phase 1transform list and
467 a rule without a phase 1 transform list is an invalid file.
468 Elements within the parameter-list; unless specified as optional,
469 must occur exactly once within a given transform's parameter-list:
470
471 oakley_group number
472 The Oakley Diffie-Hellman group used for IKE SA key derivation.
473 Acceptable values are currently:
474 1 (768-bit)
475 2 (1024-bit)
476 5 (1536-bit)
477 14 (2048-bit)
478 15 (3072-bit)
479 16 (4096-bit)
480
481
482 encr_alg {3des, 3des-cbc, blowfish, blowfish-cdc, des, des-cbc, aes,
483 aes-cbc}
484 An encryption algorithm, as in ipsecconf(1M). However, of the
485 ciphers listed above, only aes and aes-cbc allow optional key-
486 size setting, using the "low value-to-high value" syntax. To
487 specify a single AES key size, the low value must equal the
488 high value. If no range is specified, all three AES key sizes
489 are allowed.
490
491
492 auth_alg {md5, sha, sha1}
493 An authentication algorithm, as specified in ipseckey(1M).
494
495
496 auth_method {preshared, rsa_sig, rsa_encrypt, dss_sig}
497 The authentication method used for IKE phase 1.
498
499
500 p1_lifetime_secs num
501 Optional. The lifetime for a phase 1 SA.
502
503
504
505 EXAMPLES
506 Example 1 A Sample ike.config File
507
508
509 The following is an example of an ike.config file:
510
511
512
513 ### BEGINNING OF FILE
514
515 ### First some global parameters...
516
517 ### certificate parameters...
518
519 # Root certificates. I SHOULD use a full Distinguished Name.
520 # I must have this certificate in my local filesystem, see ikecert(1m).
521 cert_root "C=US, O=Sun Microsystems\, Inc., CN=Sun CA"
522
523 # Explicitly trusted certs that need no signatures, or perhaps
524 # self-signed ones. Like root certificates, use full DNs for them
525 # for now.
526 cert_trust "EMAIL=root@domain.org"
527
528 # Where do I send LDAP requests?
529 ldap_server "ldap1.domain.org,ldap2.domain.org:389"
530
531 ## phase 1 transform defaults...
532
533 p1_lifetime_secs 14400
534 p1_nonce_len 20
535
536 ## Parameters that might also show up in rules.
537
538 p1_xform { auth_method preshared oakley_group 5 auth_alg sha
539 encr_alg 3des }
540 p2_pfs 2
541
542
543
544 ### Now some rules...
545
546 {
547 label "simple inheritor"
548 local_id_type ip
549 local_addr 10.1.1.1
550 remote_addr 10.1.1.2
551 }
552 {
553 label "simple inheritor IPv6"
554 local_id_type ipv6
555 local_addr fe80::a00:20ff:fe7d:6
556 remote_addr fe80::a00:20ff:fefb:3780
557 }
558
559 {
560 # an index-only rule. If I'm a receiver, and all I
561 # have are index-only rules, what do I do about inbound IKE requests?
562 # Answer: Take them all!
563
564 label "default rule"
565 # Use whatever "host" (e.g. IP address) identity is appropriate
566 local_id_type ipv4
567
568 local_addr 0.0.0.0/0
569 remote_addr 0.0.0.0/0
570
571 p2_pfs 5
572
573 # Now I'm going to have the p1_xforms
574 p1_xform
575 {auth_method preshared oakley_group 5 auth_alg md5 encr_alg \
576 blowfish } p1_xform
577 {auth_method preshared oakley_group 5 auth_alg md5 encr_alg 3des }
578
579 # After said list, another keyword (or a '}') stops xform
580 # parsing.
581 }
582
583 {
584 # Let's try something a little more conventional.
585
586 label "host to .80 subnet"
587 local_id_type ip
588 local_id "10.1.86.51"
589
590 remote_id "" # Take any, use remote_addr for access control.
591
592 local_addr 10.1.86.51
593 remote_addr 10.1.80.0/24
594
595 p1_xform
596 { auth_method rsa_sig oakley_group 5 auth_alg md5 encr_alg 3des }
597 p1_xform
598 { auth_method rsa_sig oakley_group 5 auth_alg md5 encr_alg \
599 blowfish }
600 p1_xform
601 { auth_method rsa_sig oakley_group 5 auth_alg sha1 encr_alg 3des }
602 p1_xform
603 { auth_method rsa_sig oakley_group 5 auth_alg sha1 encr_alg \
604 blowfish }
605 }
606
607 {
608 # Let's try something a little more conventional, but with ipv6.
609
610 label "host to fe80::/10 subnet"
611 local_id_type ip
612 local_id "fe80::a00:20ff:fe7d:6"
613
614 remote_id "" # Take any, use remote_addr for access control.
615
616 local_addr fe80::a00:20ff:fe7d:6
617 remote_addr fe80::/10
618
619 p1_xform
620 { auth_method rsa_sig oakley_group 5 auth_alg md5 encr_alg 3des }
621 p1_xform
622 { auth_method rsa_sig oakley_group 5 auth_alg md5 encr_alg \
623 blowfish }
624 p1_xform
625 { auth_method rsa_sig oakley_group 5 auth_alg sha1 encr_alg \
626 3des }
627 p1_xform
628 { auth_method rsa_sig oakley_group 5 auth_alg sha1 encr_alg \
629 blowfish }
630 }
631
632 {
633 # How 'bout something with a different cert type and name?
634
635 label "punchin-point"
636 local_id_type mbox
637 local_id "ipsec-wizard@domain.org"
638
639 remote_id "10.5.5.128"
640
641 local_addr 0.0.0.0/0
642 remote_addr 10.5.5.128
643
644 p1_xform
645 { auth_method rsa_sig oakley_group 5 auth_alg md5 encr_alg \
646 blowfish }
647 }
648
649 {
650 label "receiver side"
651
652 remote_id "ipsec-wizard@domain.org"
653
654 local_id_type ip
655 local_id "10.5.5.128"
656
657 local_addr 10.5.5.128
658 remote_addr 0.0.0.0/0
659
660 p1_xform
661 { auth_method rsa_sig oakley_group 5 auth_alg md5 encr_alg blowfish }
662 # NOTE: Specifying preshared null-and-voids the remote_id/local_id
663 # fields.
664 p1_xform
665 { auth_method preshared oakley_group 5 auth_alg md5 encr_alg \
666 blowfish}
667
668 }
669
670
671 ATTRIBUTES
672 See attributes(5) for descriptions of the following attributes:
673
674
675
676
677 +--------------------+-----------------+
678 | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
679 +--------------------+-----------------+
680 |Interface Stability | Committed |
681 +--------------------+-----------------+
682
683 SEE ALSO
684 cryptoadm(1M), ikeadm(1M), in.iked(1M), ikecert(1M), ipseckey(1M),
685 ipsecalgs(1M), ipsecconf(1M), svccfg(1M), dlopen(3C), attributes(5),
686 random(7D)
687
688
689 Harkins, Dan and Carrel, Dave. RFC 2409, Internet Key Exchange (IKE).
690 Cisco Systems, November 1998.
691
692
693 Maughan, Douglas et. al. RFC 2408, Internet Security Association and
694 Key Management Protocol (ISAKMP). National Security Agency, Ft. Meade,
695 MD. November 1998.
696
697
698 Piper, Derrell. RFC 2407, The Internet IP Security Domain of
699 Interpretation for ISAKMP. Network Alchemy. Santa Cruz, California.
700 November 1998.
701
702
703 Kivinen, T. RFC 3526, More Modular Exponential (MODP) Diffie-Hellman
704 Groups for Internet Key Exchange (IKE). The Internet Society, Network
705 Working Group. May 2003.
706
707
708 Lepinksi, M. and Kent, S. RFC 5114, Additional Diffie-Hellman Groups for
709 Use with IETF Standards. BBN Technologies, January 2008.
710
711
712 Fu, D. and Solinas, J. RFC 5903, Elliptic Curve Groups modulo a Prime
713 (ECP Groups) for IKE and IKEv2. NSA, June 2010.
714
715
716
717 April 27, 2009 IKE.CONFIG(4)