1 IKE.CONFIG(4) File Formats and Configurations IKE.CONFIG(4)
2
3
4
5 NAME
6 ike.config - configuration file for IKE policy
7
8 SYNOPSIS
9 /etc/inet/ike/config
10
11
12 DESCRIPTION
13 The /etc/inet/ike/config file contains rules for matching inbound IKE
14 requests. It also contains rules for preparing outbound IKE requests.
15
16
17 You can test the syntactic correctness of an /etc/inet/ike/config file
18 by using the -c or -f options of in.iked(1M). You must use the -c
19 option to test a config file. You might need to use the -f option if it
20 is not in /etc/inet/ike/config.
21
22 Lexical Components
23 On any line, an unquoted # character introduces a comment. The
24 remainder of that line is ignored. Additionally, on any line, an
25 unquoted // sequence introduces a comment. The remainder of that line
26 is ignored.
27
28
29 There are several types of lexical tokens in the ike.config file:
30
31 num
32
33 A decimal, hex, or octal number representation is as in 'C'.
34
35
36 IPaddr/prefix/range
37
38 An IPv4 or IPv6 address with an optional /NNN suffix, (where NNN is
39 a num) that indicates an address (CIDR) prefix (for example,
40 10.1.2.0/24). An optional /ADDR suffix (where ADDR is a second IP
41 address) indicates an address/mask pair (for example,
42 10.1.2.0/255.255.255.0). An optional -ADDR suffix (where ADDR is a
43 second IPv4 address) indicates an inclusive range of addresses (for
44 example, 10.1.2.0-10.1.2.255). The / or - can be surrounded by an
45 arbitrary amount of white space.
46
47
48 XXX | YYY | ZZZ
49
50 Either the words XXX, YYY, or ZZZ, for example, {yes,no}.
51
52
53 p1-id-type
54
55 An IKE phase 1 identity type. IKE phase 1 identity types include:
56 dn, DN
57 dns, DNS
58 fqdn, FQDN
59 gn, GN
60 ip, IP
61 ipv4
62 ipv4_prefix
63 ipv4_range
64 ipv6
65 ipv6_prefix
66 ipv6_range
67 mbox, MBOX
68 user_fqdn
69
70
71 "string"
72
73 A quoted string.
74
75 Examples include:"Label foo", or "C=US, OU=Sun Microsystems\, Inc.,
76 N=olemcd@eng.example.com"
77
78 A backslash (\) is an escape character. If the string needs an
79 actual backslash, two must be specified.
80
81
82 cert-sel
83
84 A certificate selector, a string which specifies the identities of
85 zero or more certificates. The specifiers can conform to X.509
86 naming conventions.
87
88 A cert-sel can also use various shortcuts to match either subject
89 alternative names, the filename or slot of a certificate in
90 /etc/inet/ike/publickeys, or even the ISSUER. For example:
91
92 "SLOT=0"
93 "EMAIL=postmaster@domain.org"
94 "webmaster@domain.org" # Some just work w/o TYPE=
95 "IP=10.0.0.1"
96 "10.21.11.11" # Some just work w/o TYPE=
97 "DNS=www.domain.org"
98 "mailhost.domain.org" # Some just work w/o TYPE=
99 "ISSUER=C=US, O=Sun Microsystems\, Inc., CN=Sun CA"
100
101
102 Any cert-sel preceded by the character ! indicates a negative
103 match, that is, not matching this specifier. These are the same
104 kind of strings used in ikecert(1M).
105
106
107 ldap-list
108
109 A quoted, comma-separated list of LDAP servers and ports.
110
111 For example, "ldap1.example.com", "ldap1.example.com:389",
112 "ldap1.example.com:389,ldap2.example.com".
113
114 The default port for LDAP is 389.
115
116
117 parameter-list
118
119 A list of parameters.
120
121
122 File Body Entries
123 There are four main types of entries:
124
125 o global parameters
126
127 o IKE phase 1 transform defaults
128
129 o IKE rule defaults
130
131 o IKE rules
132
133
134 The global parameter entries are as follows:
135
136 cert_root cert-sel
137
138 The X.509 distinguished name of a certificate that is a trusted
139 root CA certificate. It must be encoded in a file in the
140 /etc/inet/ike/publickeys directory. It must have a CRL in
141 /etc/inet/ike/crls. Multiple cert_root parameters aggregate.
142
143
144 cert_trust cert-sel
145
146 Specifies an X.509 distinguished name of a certificate that is
147 self-signed, or has otherwise been verified as trustworthy for
148 signing IKE exchanges. It must be encoded in a file in
149 /etc/inet/ike/publickeys. Multiple cert_trust parameters aggregate.
150
151
152 expire_timer integer
153
154 The number of seconds to let a not-yet-complete IKE Phase I (Main
155 Mode) negotiation linger before deleting it. Default value: 300
156 seconds.
157
158
159 ignore_crls
160
161 If this keyword is present in the file, in.iked(1M) ignores
162 Certificate Revocation Lists (CRLs) for root CAs (as given in
163 cert_root)
164
165
166 ldap_server ldap-list
167
168 A list of LDAP servers to query for certificates. The list can be
169 additive.
170
171
172 pkcs11_path string
173
174 The string that follows is a name of a shared object (.so) that
175 implements the PKCS#11 standard. The name is passed directly into
176 dlopen(3C) for linking, with all of the semantics of that library
177 call. By default, in.iked(1M) runs the same ISA as the running
178 kernel, so a library specified using pkcs11_path and an absolute
179 pathname must match the same ISA as the kernel. One can use the
180 start/exec SMF property (see svccfg(1M)) to change in.iked's ISA,
181 but it is not recommended.
182
183 If this setting is not present, the default value is set to
184 libpkcs11.so. Most cryptographic providers go through the default
185 library, and this parameter should only be used if a specialized
186 provider of IKE-useful cryptographic services cannot interface with
187 the Solaris Cryptographic Framework. See cryptoadm(1M).
188
189 This option is now deprecated, and may be removed in a future
190 release.
191
192
193 retry_limit integer
194
195 The number of retransmits before any IKE negotiation is aborted.
196 Default value: 5 times.
197
198
199 retry_timer_init integer or float
200
201 The initial interval (in seconds) between retransmits. This
202 interval is doubled until the retry_timer_max value (see below) is
203 reached. Default value: 0.5 seconds.
204
205
206 retry_timer_max integer or float
207
208 The maximum interval (in seconds) between retransmits. The doubling
209 retransmit interval stops growing at this limit. Default value: 30
210 seconds.
211
212 Note -
213
214 This value is never reached with the default configuration. The
215 longest interval is 8 (0.5 * 2 ^ (5 - 1)) seconds.
216
217
218 proxy string
219
220 The string following this keyword must be a URL for an HTTP proxy,
221 for example, http://proxy:8080.
222
223
224 socks string
225
226 The string following this keyword must be a URL for a SOCKS proxy,
227 for example, socks://socks-proxy.
228
229
230 use_http
231
232 If this keyword is present in the file, in.iked(1M) uses HTTP to
233 retrieve Certificate Revocation Lists (CRLs).
234
235
236
237 The following IKE phase 1 transform parameters can be prefigured using
238 file-level defaults. Values specified within any given transform
239 override these defaults.
240
241
242 The IKE phase 1 transform defaults are as follows:
243
244 p1_lifetime_secs num
245
246 The proposed default lifetime, in seconds, of an IKE phase 1
247 security association (SA).
248
249
250 p1_nonce_len num
251
252 The length in bytes of the phase 1 (quick mode) nonce data. This
253 cannot be specified on a per-rule basis.
254
255
256
257 The following IKE rule parameters can be prefigured using file-level
258 defaults. Values specified within any given rule override these
259 defaults, unless a rule cannot.
260
261 p2_lifetime_secs num
262
263 The proposed default lifetime, in seconds, of an IKE phase 2
264 security association (SA). This value is optional. If omitted, a
265 default value is used.
266
267
268 p2_softlife_secs num
269
270 The soft lifetime of a phase 2 SA, in seconds. If this value is
271 specified, the SA soft expires after the number of seconds
272 specified by p2_softlife_secs. This causes in.iked to renegotiate a
273 new phase 2 SA before the original SA expires.
274
275 This value is optional, if omitted soft expiry occurs after 90% of
276 the lifetime specified by p2_lifetime_secs. The value specified by
277 p2_softlife_secs is ignored if p2_lifetime_secs is not specified.
278
279 Setting p2_softlife_secs to the same value as p2_lifetime_secs
280 disables soft expires.
281
282
283 p2_idletime_secs num
284
285 The idle lifetime of a phase 2 SA, in seconds. If the value is
286 specified, the value specifies the lifetime of the SA, if the
287 security association is not used before the SA is revalidated.
288
289
290 p2_lifetime_kb num
291
292 The lifetime of an SA can optionally be specified in kilobytes.
293 This parameter specifies the default value. If lifetimes are
294 specified in both seconds and kilobytes, the SA expires when either
295 the seconds or kilobyte thresholds are passed.
296
297
298 p2_softlife_kb num
299
300 This value is the number of kilobytes that can be protected by an
301 SA before a soft expire occurs (see p2_softlife_secs, above).
302
303 This value is optional. If omitted, soft expiry occurs after 90% of
304 the lifetime specified by p2_lifetime_kb. The value specified by
305 p2_softlife_kb is ignored if p2_lifetime_kb is not specified.
306
307
308 p2_nonce_len num
309
310 The length in bytes of the phase 2 (quick mode) nonce data. This
311 cannot be specified on a per-rule basis.
312
313
314 local_id_type p1-id-type
315
316 The local identity for IKE requires a type. This identity type is
317 reflected in the IKE exchange. The type can be one of the
318 following:
319
320 o an IP address (for example, 10.1.1.2)
321
322 o DNS name (for example, test.domain.com)
323
324 o MBOX RFC 822 name (for example, root@domain.com)
325
326 o DNX.509 distinguished name (for example, C=US, O=Sun
327 Microsystems Inc., CN=Sun Test cert)
328
329
330 p1_xform '{' parameter-list '}
331
332 A phase 1 transform specifies a method for protecting an IKE phase
333 1 exchange. An initiator offers up lists of phase 1 transforms,
334 and a receiver is expected to only accept such an entry if it
335 matches one in a phase 1 rule. There can be several of these, and
336 they are additive. There must be either at least one phase 1
337 transform in a rule or a global default phase 1 transform list. In
338 a configuration file without a global default phase 1 transform
339 list and a rule without a phase, transform list is an invalid file.
340 Unless specified as optional, elements in the parameter-list must
341 occur exactly once within a given transform's parameter-list:
342
343 oakley_group number
344
345 The Oakley Diffie-Hellman group used for IKE SA key derivation.
346 The group numbers are defined in RFC 2409, Appendix A, RFC
347 3526, and RFC 5114, section 3.2. Acceptable values are
348 currently:
349 1 (MODP 768-bit)
350 2 (MODP 1024-bit)
351 3 (EC2N 155-bit)
352 4 (EC2N 185-bit)
353 5 (MODP 1536-bit)
354 14 (MODP 2048-bit)
355 15 (MODP 3072-bit)
356 16 (MODP 4096-bit)
357 17 (MODP 6144-bit)
358 18 (MODP 8192-bit)
359 19 (ECP 256-bit)
360 20 (ECP 384-bit)
361 21 (ECP 521-bit)
362 22 (MODP 1024-bit, with 160-bit Prime Order Subgroup)
363 23 (MODP 2048-bit, with 224-bit Prime Order Subgroup)
364 24 (MODP 2048-bit, with 256-bit Prime Order Subgroup)
365 25 (ECP 192-bit)
366 26 (ECP 224-bit)
367
368
369 encr_alg {3des, 3des-cbc, blowfish, blowfish-cdc, des, des-cbc,
370 aes, aes-cbc}
371
372 An encryption algorithm, as in ipsecconf(1M). However, of the
373 ciphers listed above, only aes and aes-cbc allow optional key-
374 size setting, using the "low value-to-high value" syntax. To
375 specify a single AES key size, the low value must equal the
376 high value. If no range is specified, all three AES key sizes
377 are allowed.
378
379
380 auth_alg {md5, sha, sha1, sha256, sha384, sha512}
381
382 An authentication algorithm.
383
384 Use ipsecalgs(1M) with the -l option to list the IPsec
385 protocols and algorithms currently defined on a system. The
386 cryptoadm list command displays a list of installed providers
387 and their mechanisms. See cryptoadm(1M).
388
389
390 auth_method {preshared, rsa_sig, rsa_encrypt, dss_sig}
391
392 The authentication method used for IKE phase 1.
393
394
395 p1_lifetime_secs num
396
397 Optional. The lifetime for a phase 1 SA.
398
399
400
401 p2_lifetime_secs num
402
403 If configuring the kernel defaults is not sufficient for different
404 tasks, this parameter can be used on a per-rule basis to set the
405 IPsec SA lifetimes in seconds.
406
407
408 p2_pfs num
409
410 Use perfect forward secrecy for phase 2 (quick mode). If selected,
411 the oakley group specified is used for phase 2 PFS. Acceptable
412 values are:
413 0 (do not use Perfect Forward Secrecy for IPsec SAs)
414 1 (768-bit)
415 2 (1024-bit)
416 5 (1536-bit)
417 14 (2048-bit)
418 15 (3072-bit)
419 16 (4096-bit)
420
421
422
423 An IKE rule starts with a right-curly-brace ({), ends with a left-
424 curly-brace (}), and has the following parameters in between:
425
426 label string
427
428 Required parameter. The administrative interface to in.iked looks
429 up phase 1 policy rules with the label as the search string. The
430 administrative interface also converts the label into an index,
431 suitable for an extended ACQUIRE message from PF_KEY - effectively
432 tying IPsec policy to IKE policy in the case of a node initiating
433 traffic. Only one label parameter is allowed per rule.
434
435
436 local_addr <IPaddr/prefix/range>
437
438 Required parameter. The local address, address prefix, or address
439 range for this phase 1 rule. Multiple local_addr parameters
440 accumulate within a given rule.
441
442
443 remote_addr <IPaddr/prefix/range>
444
445 Required parameter. The remote address, address prefix, or address
446 range for this phase 1 rule. Multiple remote_addr parameters
447 accumulate within a given rule.
448
449
450 local_id_type p1-id-type
451
452 Which phase 1 identity type I uses. This is needed because a single
453 certificate can contain multiple values for use in IKE phase 1.
454 Within a given rule, all phase 1 transforms must either use
455 preshared or non-preshared authentication (they cannot be mixed).
456 For rules with preshared authentication, the local_id_type
457 parameter is optional, and defaults to IP. For rules which use non-
458 preshared authentication, the 'local_id_type' parameter is
459 required. Multiple 'local_id_type' parameters within a rule are not
460 allowed.
461
462
463 local_id cert-sel
464
465 Disallowed for preshared authentication method; required parameter
466 for non-preshared authentication method. The local identity string
467 or certificate selector. Only one local identity per rule is used,
468 the first one stated.
469
470
471 remote_id cert-sel
472
473 Disallowed for preshared authentication method; required parameter
474 for non-preshared authentication method. Selector for which remote
475 phase 1 identities are allowed by this rule. Multiple remote_id
476 parameters accumulate within a given rule. If a single empty string
477 ("") is given, then this accepts any remote ID for phase 1. It is
478 recommended that certificate trust chains or address enforcement be
479 configured strictly to prevent a breakdown in security if this
480 value for remote_id is used.
481
482
483 p2_lifetime_secs num
484
485 If configuring the kernel defaults is not sufficient for different
486 tasks, this parameter can be used on a per-rule basis to set the
487 IPsec SA lifetimes in seconds.
488
489
490 p2_pfs num
491
492 Use perfect forward secrecy for phase 2 (quick mode). If selected,
493 the oakley group specified is used for phase 2 PFS. Acceptable
494 values are:
495 0 (do not use Perfect Forward Secrecy for IPsec SAs)
496 1 (768-bit)
497 2 (1024-bit)
498 5 (1536-bit)
499 14 (2048-bit)
500 15 (3072-bit)
501 16 (4096-bit)
502
503
504 p1_xform { parameter-list }
505
506 A phase 1 transform specifies a method for protecting an IKE phase
507 1 exchange. An initiator offers up lists of phase 1 transforms,
508 and a receiver is expected to only accept such an entry if it
509 matches one in a phase 1 rule. There can be several of these, and
510 they are additive. There must be either at least one phase 1
511 transform in a rule or a global default phase 1 transform list. A
512 ike.config file without a global default phase 1transform list and
513 a rule without a phase 1 transform list is an invalid file.
514 Elements within the parameter-list; unless specified as optional,
515 must occur exactly once within a given transform's parameter-list:
516
517 oakley_group number
518
519 The Oakley Diffie-Hellman group used for IKE SA key derivation.
520 Acceptable values are currently:
521 1 (768-bit)
522 2 (1024-bit)
523 5 (1536-bit)
524 14 (2048-bit)
525 15 (3072-bit)
526 16 (4096-bit)
527
528
529 encr_alg {3des, 3des-cbc, blowfish, blowfish-cdc, des, des-cbc,
530 aes, aes-cbc}
531
532 An encryption algorithm, as in ipsecconf(1M). However, of the
533 ciphers listed above, only aes and aes-cbc allow optional key-
534 size setting, using the "low value-to-high value" syntax. To
535 specify a single AES key size, the low value must equal the
536 high value. If no range is specified, all three AES key sizes
537 are allowed.
538
539
540 auth_alg {md5, sha, sha1}
541
542 An authentication algorithm, as specified in ipseckey(1M).
543
544
545 auth_method {preshared, rsa_sig, rsa_encrypt, dss_sig}
546
547 The authentication method used for IKE phase 1.
548
549
550 p1_lifetime_secs num
551
552 Optional. The lifetime for a phase 1 SA.
553
554
555
556 EXAMPLES
557 Example 1 A Sample ike.config File
558
559
560 The following is an example of an ike.config file:
561
562
563
564 ### BEGINNING OF FILE
565
566 ### First some global parameters...
567
568 ### certificate parameters...
569
570 # Root certificates. I SHOULD use a full Distinguished Name.
571 # I must have this certificate in my local filesystem, see ikecert(1m).
572 cert_root "C=US, O=Sun Microsystems\, Inc., CN=Sun CA"
573
574 # Explicitly trusted certs that need no signatures, or perhaps
575 # self-signed ones. Like root certificates, use full DNs for them
576 # for now.
577 cert_trust "EMAIL=root@domain.org"
578
579 # Where do I send LDAP requests?
580 ldap_server "ldap1.domain.org,ldap2.domain.org:389"
581
582 ## phase 1 transform defaults...
583
584 p1_lifetime_secs 14400
585 p1_nonce_len 20
586
587 ## Parameters that might also show up in rules.
588
589 p1_xform { auth_method preshared oakley_group 5 auth_alg sha
590 encr_alg 3des }
591 p2_pfs 2
592
593
594
595 ### Now some rules...
596
597 {
598 label "simple inheritor"
599 local_id_type ip
600 local_addr 10.1.1.1
601 remote_addr 10.1.1.2
602 }
603 {
604 label "simple inheritor IPv6"
605 local_id_type ipv6
606 local_addr fe80::a00:20ff:fe7d:6
607 remote_addr fe80::a00:20ff:fefb:3780
608 }
609
610 {
611 # an index-only rule. If I'm a receiver, and all I
612 # have are index-only rules, what do I do about inbound IKE requests?
613 # Answer: Take them all!
614
615 label "default rule"
616 # Use whatever "host" (e.g. IP address) identity is appropriate
617 local_id_type ipv4
618
619 local_addr 0.0.0.0/0
620 remote_addr 0.0.0.0/0
621
622 p2_pfs 5
623
624 # Now I'm going to have the p1_xforms
625 p1_xform
626 {auth_method preshared oakley_group 5 auth_alg md5 encr_alg \
627 blowfish } p1_xform
628 {auth_method preshared oakley_group 5 auth_alg md5 encr_alg 3des }
629
630 # After said list, another keyword (or a '}') stops xform
631 # parsing.
632 }
633
634 {
635 # Let's try something a little more conventional.
636
637 label "host to .80 subnet"
638 local_id_type ip
639 local_id "10.1.86.51"
640
641 remote_id "" # Take any, use remote_addr for access control.
642
643 local_addr 10.1.86.51
644 remote_addr 10.1.80.0/24
645
646 p1_xform
647 { auth_method rsa_sig oakley_group 5 auth_alg md5 encr_alg 3des }
648 p1_xform
649 { auth_method rsa_sig oakley_group 5 auth_alg md5 encr_alg \
650 blowfish }
651 p1_xform
652 { auth_method rsa_sig oakley_group 5 auth_alg sha1 encr_alg 3des }
653 p1_xform
654 { auth_method rsa_sig oakley_group 5 auth_alg sha1 encr_alg \
655 blowfish }
656 }
657
658 {
659 # Let's try something a little more conventional, but with ipv6.
660
661 label "host to fe80::/10 subnet"
662 local_id_type ip
663 local_id "fe80::a00:20ff:fe7d:6"
664
665 remote_id "" # Take any, use remote_addr for access control.
666
667 local_addr fe80::a00:20ff:fe7d:6
668 remote_addr fe80::/10
669
670 p1_xform
671 { auth_method rsa_sig oakley_group 5 auth_alg md5 encr_alg 3des }
672 p1_xform
673 { auth_method rsa_sig oakley_group 5 auth_alg md5 encr_alg \
674 blowfish }
675 p1_xform
676 { auth_method rsa_sig oakley_group 5 auth_alg sha1 encr_alg \
677 3des }
678 p1_xform
679 { auth_method rsa_sig oakley_group 5 auth_alg sha1 encr_alg \
680 blowfish }
681 }
682
683 {
684 # How 'bout something with a different cert type and name?
685
686 label "punchin-point"
687 local_id_type mbox
688 local_id "ipsec-wizard@domain.org"
689
690 remote_id "10.5.5.128"
691
692 local_addr 0.0.0.0/0
693 remote_addr 10.5.5.128
694
695 p1_xform
696 { auth_method rsa_sig oakley_group 5 auth_alg md5 encr_alg \
697 blowfish }
698 }
699
700 {
701 label "receiver side"
702
703 remote_id "ipsec-wizard@domain.org"
704
705 local_id_type ip
706 local_id "10.5.5.128"
707
708 local_addr 10.5.5.128
709 remote_addr 0.0.0.0/0
710
711 p1_xform
712 { auth_method rsa_sig oakley_group 5 auth_alg md5 encr_alg blowfish }
713 # NOTE: Specifying preshared null-and-voids the remote_id/local_id
714 # fields.
715 p1_xform
716 { auth_method preshared oakley_group 5 auth_alg md5 encr_alg \
717 blowfish}
718
719 }
720
721
722 ATTRIBUTES
723 See attributes(5) for descriptions of the following attributes:
724
725
726
727
728 +--------------------+-----------------+
729 | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
730 +--------------------+-----------------+
731 |Interface Stability | Committed |
732 +--------------------+-----------------+
733
734 SEE ALSO
735 cryptoadm(1M), ikeadm(1M), in.iked(1M), ikecert(1M), ipseckey(1M),
736 ipsecalgs(1M), ipsecconf(1M), svccfg(1M), dlopen(3C), attributes(5),
737 random(7D)
738
739
740 Harkins, Dan and Carrel, Dave. RFC 2409, Internet Key Exchange (IKE).
741 Cisco Systems, November 1998.
742
743
744 Maughan, Douglas et. al. RFC 2408, Internet Security Association and
745 Key Management Protocol (ISAKMP). National Security Agency, Ft. Meade,
746 MD. November 1998.
747
748
749 Piper, Derrell. RFC 2407, The Internet IP Security Domain of
750 Interpretation for ISAKMP. Network Alchemy. Santa Cruz, California.
751 November 1998.
752
753
754 Kivinen, T. RFC 3526, More Modular Exponential (MODP) Diffie-Hellman
755 Groups for Internet Key Exchange (IKE). The Internet Society, Network
756 Working Group. May 2003.
757
758
759 Lepinksi, M. and Kent, S. RFC 5114, Additional Diffie-Hellman Groups
760 for Use with IETF Standards. BBN Technologies, January 2008.
761
762
763 Fu, D. and Solinas, J. RFC 5903, Elliptic Curve Groups modulo a Prime
764 (ECP Groups) for IKE and IKEv2. NSA, June 2010.
765
766
767
768 April 27, 2009 IKE.CONFIG(4)