1 IKE.CONFIG(4) File Formats and Configurations IKE.CONFIG(4) 2 3 4 5 NAME 6 ike.config - configuration file for IKE policy 7 8 SYNOPSIS 9 /etc/inet/ike/config 10 11 12 DESCRIPTION 13 The /etc/inet/ike/config file contains rules for matching inbound IKE 14 requests. It also contains rules for preparing outbound IKE requests. 15 16 17 You can test the syntactic correctness of an /etc/inet/ike/config file 18 by using the -c or -f options of in.iked(1M). You must use the -c 19 option to test a config file. You might need to use the -f option if it 20 is not in /etc/inet/ike/config. 21 22 Lexical Components 23 On any line, an unquoted # character introduces a comment. The 24 remainder of that line is ignored. Additionally, on any line, an 25 unquoted // sequence introduces a comment. The remainder of that line 26 is ignored. 27 28 29 There are several types of lexical tokens in the ike.config file: 30 31 num 32 33 A decimal, hex, or octal number representation is as in 'C'. 34 35 36 IPaddr/prefix/range 37 38 An IPv4 or IPv6 address with an optional /NNN suffix, (where NNN is 39 a num) that indicates an address (CIDR) prefix (for example, 40 10.1.2.0/24). An optional /ADDR suffix (where ADDR is a second IP 41 address) indicates an address/mask pair (for example, 42 10.1.2.0/255.255.255.0). An optional -ADDR suffix (where ADDR is a 43 second IPv4 address) indicates an inclusive range of addresses (for 44 example, 10.1.2.0-10.1.2.255). The / or - can be surrounded by an 45 arbitrary amount of white space. 46 47 48 XXX | YYY | ZZZ 49 50 Either the words XXX, YYY, or ZZZ, for example, {yes,no}. 51 52 53 p1-id-type 54 55 An IKE phase 1 identity type. IKE phase 1 identity types include: 56 dn, DN 57 dns, DNS 58 fqdn, FQDN 59 gn, GN 60 ip, IP 61 ipv4 62 ipv4_prefix 63 ipv4_range 64 ipv6 65 ipv6_prefix 66 ipv6_range 67 mbox, MBOX 68 user_fqdn 69 70 71 "string" 72 73 A quoted string. 74 75 Examples include:"Label foo", or "C=US, OU=Sun Microsystems\, Inc., 76 N=olemcd@eng.example.com" 77 78 A backslash (\) is an escape character. If the string needs an 79 actual backslash, two must be specified. 80 81 82 cert-sel 83 84 A certificate selector, a string which specifies the identities of 85 zero or more certificates. The specifiers can conform to X.509 86 naming conventions. 87 88 A cert-sel can also use various shortcuts to match either subject 89 alternative names, the filename or slot of a certificate in 90 /etc/inet/ike/publickeys, or even the ISSUER. For example: 91 92 "SLOT=0" 93 "EMAIL=postmaster@domain.org" 94 "webmaster@domain.org" # Some just work w/o TYPE= 95 "IP=10.0.0.1" 96 "10.21.11.11" # Some just work w/o TYPE= 97 "DNS=www.domain.org" 98 "mailhost.domain.org" # Some just work w/o TYPE= 99 "ISSUER=C=US, O=Sun Microsystems\, Inc., CN=Sun CA" 100 101 102 Any cert-sel preceded by the character ! indicates a negative 103 match, that is, not matching this specifier. These are the same 104 kind of strings used in ikecert(1M). 105 106 107 ldap-list 108 109 A quoted, comma-separated list of LDAP servers and ports. 110 111 For example, "ldap1.example.com", "ldap1.example.com:389", 112 "ldap1.example.com:389,ldap2.example.com". 113 114 The default port for LDAP is 389. 115 116 117 parameter-list 118 119 A list of parameters. 120 121 122 File Body Entries 123 There are four main types of entries: 124 125 o global parameters 126 127 o IKE phase 1 transform defaults 128 129 o IKE rule defaults 130 131 o IKE rules 132 133 134 The global parameter entries are as follows: 135 136 cert_root cert-sel 137 138 The X.509 distinguished name of a certificate that is a trusted 139 root CA certificate.It must be encoded in a file in the 140 /etc/inet/ike/publickeys directory. It must have a CRL in 141 /etc/inet/ike/crls. Multiple cert_root parameters aggregate. 142 143 144 cert_trust cert-sel 145 146 Specifies an X.509 distinguished name of a certificate that is 147 self-signed, or has otherwise been verified as trustworthy for 148 signing IKE exchanges. It must be encoded in a file in 149 /etc/inet/ike/publickeys. Multiple cert_trust parameters aggregate. 150 151 152 expire_timer integer 153 154 The number of seconds to let a not-yet-complete IKE Phase I (Main 155 Mode) negotiation linger before deleting it. Default value: 300 156 seconds. 157 158 159 ignore_crls 160 161 If this keyword is present in the file, in.iked(1M) ignores 162 Certificate Revocation Lists (CRLs) for root CAs (as given in 163 cert_root) 164 165 166 ldap_server ldap-list 167 168 A list of LDAP servers to query for certificates. The list can be 169 additive. 170 171 172 pkcs11_path string 173 174 The string that follows is a name of a shared object (.so) that 175 implements the PKCS#11 standard. The name is passed directly into 176 dlopen(3C) for linking, with all of the semantics of that library 177 call. By default, in.iked(1M) runs the same ISA as the running 178 kernel, so a library specified using pkcs11_path and an absolute 179 pathname must match the same ISA as the kernel. One can use the 180 start/exec SMF property (see svccfg(1M)) to change in.iked's ISA, 181 but it is not recommended. 182 183 If this setting is not present, the default value is set to 184 libpkcs11.so. Most cryptographic providers go through the default 185 library, and this parameter should only be used if a specialized 186 provider of IKE-useful cryptographic services cannot interface with 187 the Solaris Cryptographic Framework. See cryptoadm(1M). 188 189 This option is now deprecated, and may be removed in a future 190 release. 191 192 193 retry_limit integer 194 195 The number of retransmits before any IKE negotiation is aborted. 196 Default value: 5 times. 197 198 199 retry_timer_init integer or float 200 201 The initial interval (in seconds) between retransmits. This 202 interval is doubled until the retry_timer_max value (see below) is 203 reached. Default value: 0.5 seconds. 204 205 206 retry_timer_max integer or float 207 208 The maximum interval (in seconds) between retransmits. The doubling 209 retransmit interval stops growing at this limit. Default value: 30 210 seconds. 211 212 Note - 213 214 This value is never reached with the default configuration. The 215 longest interval is 8 (0.5 * 2 ^ (5 - 1)) seconds. 216 217 218 proxy string 219 220 The string following this keyword must be a URL for an HTTP proxy, 221 for example, http://proxy:8080. 222 223 224 socks string 225 226 The string following this keyword must be a URL for a SOCKS proxy, 227 for example, socks://socks-proxy. 228 229 230 use_http 231 232 If this keyword is present in the file, in.iked(1M) uses HTTP to 233 retrieve Certificate Revocation Lists (CRLs). 234 235 236 237 The following IKE phase 1 transform parameters can be prefigured using 238 file-level defaults. Values specified within any given transform 239 override these defaults. 240 241 242 The IKE phase 1 transform defaults are as follows: 243 244 p1_lifetime_secs num 245 246 The proposed default lifetime, in seconds, of an IKE phase 1 247 security association (SA). 248 249 250 p1_nonce_len num 251 252 The length in bytes of the phase 1 (quick mode) nonce data. This 253 cannot be specified on a per-rule basis. 254 255 256 257 The following IKE rule parameters can be prefigured using file-level 258 defaults. Values specified within any given rule override these 259 defaults, unless a rule cannot. 260 261 p2_lifetime_secs num 262 263 The proposed default lifetime, in seconds, of an IKE phase 2 264 security association (SA). This value is optional. If omitted, a 265 default value is used. 266 267 268 p2_softlife_secs num 269 270 The soft lifetime of a phase 2 SA, in seconds. If this value is 271 specified, the SA soft expires after the number of seconds 272 specified by p2_softlife_secs. This causes in.iked to renegotiate a 273 new phase 2 SA before the original SA expires. 274 275 This value is optional, if omitted soft expiry occurs after 90% of 276 the lifetime specified by p2_lifetime_secs. The value specified by 277 p2_softlife_secs is ignored if p2_lifetime_secs is not specified. 278 279 Setting p2_softlife_secs to the same value as p2_lifetime_secs 280 disables soft expires. 281 282 283 p2_idletime_secs num 284 285 The idle lifetime of a phase 2 SA, in seconds. If the value is 286 specified, the value specifies the lifetime of the SA, if the 287 security association is not used before the SA is revalidated. 288 289 290 p2_lifetime_kb num 291 292 The lifetime of an SA can optionally be specified in kilobytes. 293 This parameter specifies the default value. If lifetimes are 294 specified in both seconds and kilobytes, the SA expires when either 295 the seconds or kilobyte thresholds are passed. 296 297 298 p2_softlife_kb num 299 300 This value is the number of kilobytes that can be protected by an 301 SA before a soft expire occurs (see p2_softlife_secs, above). 302 303 This value is optional. If omitted, soft expiry occurs after 90% of 304 the lifetime specified by p2_lifetime_kb. The value specified by 305 p2_softlife_kb is ignored if p2_lifetime_kb is not specified. 306 307 308 p2_nonce_len num 309 310 The length in bytes of the phase 2 (quick mode) nonce data. This 311 cannot be specified on a per-rule basis. 312 313 314 local_id_type p1-id-type 315 316 The local identity for IKE requires a type. This identity type is 317 reflected in the IKE exchange. The type can be one of the 318 following: 319 320 o an IP address (for example, 10.1.1.2) 321 322 o DNS name (for example, test.domain.com) 323 324 o MBOX RFC 822 name (for example, root@domain.com) 325 326 o DNX.509 distinguished name (for example, C=US, O=Sun 327 Microsystems Inc., CN=Sun Test cert) 328 329 330 p1_xform '{' parameter-list '} 331 332 A phase 1 transform specifies a method for protecting an IKE phase 333 1 exchange. An initiator offers up lists of phase 1 transforms, 334 and a receiver is expected to only accept such an entry if it 335 matches one in a phase 1 rule. There can be several of these, and 336 they are additive. There must be either at least one phase 1 337 transform in a rule or a global default phase 1 transform list. In 338 a configuration file without a global default phase 1 transform 339 list and a rule without a phase, transform list is an invalid file. 340 Unless specified as optional, elements in the parameter-list must 341 occur exactly once within a given transform's parameter-list: 342 343 oakley_group number 344 345 The Oakley Diffie-Hellman group used for IKE SA key derivation. 346 The group numbers are defined in RFC 2409, Appendix A, RFC 347 3526, and RFC 5114, section 3.2. Acceptable values are 348 currently: 349 1 (MODP 768-bit) 350 2 (MODP 1024-bit) 351 3 (EC2N 155-bit) 352 4 (EC2N 185-bit) 353 5 (MODP 1536-bit) 354 14 (MODP 2048-bit) 355 15 (MODP 3072-bit) 356 16 (MODP 4096-bit) 357 17 (MODP 6144-bit) 358 18 (MODP 8192-bit) 359 19 (ECP 256-bit) 360 20 (ECP 384-bit) 361 21 (ECP 521-bit) 362 22 (MODP 1024-bit, with 160-bit Prime Order Subgroup) 363 23 (MODP 2048-bit, with 224-bit Prime Order Subgroup) 364 24 (MODP 2048-bit, with 256-bit Prime Order Subgroup) 365 25 (ECP 192-bit) 366 26 (ECP 224-bit) 367 368 369 encr_alg {3des, 3des-cbc, blowfish, blowfish-cdc, des, des-cbc, 370 aes, aes-cbc} 371 372 An encryption algorithm, as in ipsecconf(1M). However, of the 373 ciphers listed above, only aes and aes-cbc allow optional key- 374 size setting, using the "low value-to-high value" syntax. To 375 specify a single AES key size, the low value must equal the 376 high value. If no range is specified, all three AES key sizes 377 are allowed. 378 379 380 auth_alg {md5, sha, sha1, sha256, sha384, sha512} 381 382 An authentication algorithm. 383 384 Use ipsecalgs(1M) with the -l option to list the IPsec 385 protocols and algorithms currently defined on a system. The 386 cryptoadm list command displays a list of installed providers 387 and their mechanisms. See cryptoadm(1M). 388 389 390 auth_method {preshared, rsa_sig, rsa_encrypt, dss_sig} 391 392 The authentication method used for IKE phase 1. 393 394 395 p1_lifetime_secs num 396 397 Optional. The lifetime for a phase 1 SA. 398 399 400 401 p2_lifetime_secs num 402 403 If configuring the kernel defaults is not sufficient for different 404 tasks, this parameter can be used on a per-rule basis to set the 405 IPsec SA lifetimes in seconds. 406 407 408 p2_pfs num 409 410 Use perfect forward secrecy for phase 2 (quick mode). If selected, 411 the oakley group specified is used for phase 2 PFS. Acceptable 412 values are: 413 0 (do not use Perfect Forward Secrecy for IPsec SAs) 414 1 (768-bit) 415 2 (1024-bit) 416 5 (1536-bit) 417 14 (2048-bit) 418 15 (3072-bit) 419 16 (4096-bit) 420 421 422 423 An IKE rule starts with a right-curly-brace ({), ends with a left- 424 curly-brace (}), and has the following parameters in between: 425 426 label string 427 428 Required parameter. The administrative interface to in.iked looks 429 up phase 1 policy rules with the label as the search string. The 430 administrative interface also converts the label into an index, 431 suitable for an extended ACQUIRE message from PF_KEY - effectively 432 tying IPsec policy to IKE policy in the case of a node initiating 433 traffic. Only one label parameter is allowed per rule. 434 435 436 local_addr <IPaddr/prefix/range> 437 438 Required parameter. The local address, address prefix, or address 439 range for this phase 1 rule. Multiple local_addr parameters 440 accumulate within a given rule. 441 442 443 remote_addr <IPaddr/prefix/range> 444 445 Required parameter. The remote address, address prefix, or address 446 range for this phase 1 rule. Multiple remote_addr parameters 447 accumulate within a given rule. 448 449 450 local_id_type p1-id-type 451 452 Which phase 1 identity type I uses. This is needed because a single 453 certificate can contain multiple values for use in IKE phase 1. 454 Within a given rule, all phase 1 transforms must either use 455 preshared or non-preshared authentication (they cannot be mixed). 456 For rules with preshared authentication, the local_id_type 457 parameter is optional, and defaults to IP. For rules which use non- 458 preshared authentication, the 'local_id_type' parameter is 459 required. Multiple 'local_id_type' parameters within a rule are not 460 allowed. 461 462 463 local_id cert-sel 464 465 Disallowed for preshared authentication method; required parameter 466 for non-preshared authentication method. The local identity string 467 or certificate selector. Only one local identity per rule is used, 468 the first one stated. 469 470 471 remote_id cert-sel 472 473 Disallowed for preshared authentication method; required parameter 474 for non-preshared authentication method. Selector for which remote 475 phase 1 identities are allowed by this rule. Multiple remote_id 476 parameters accumulate within a given rule. If a single empty string 477 ("") is given, then this accepts any remote ID for phase 1. It is 478 recommended that certificate trust chains or address enforcement be 479 configured strictly to prevent a breakdown in security if this 480 value for remote_id is used. 481 482 483 p2_lifetime_secs num 484 485 If configuring the kernel defaults is not sufficient for different 486 tasks, this parameter can be used on a per-rule basis to set the 487 IPsec SA lifetimes in seconds. 488 489 490 p2_pfs num 491 492 Use perfect forward secrecy for phase 2 (quick mode). If selected, 493 the oakley group specified is used for phase 2 PFS. Acceptable 494 values are: 495 0 (do not use Perfect Forward Secrecy for IPsec SAs) 496 1 (768-bit) 497 2 (1024-bit) 498 5 (1536-bit) 499 14 (2048-bit) 500 15 (3072-bit) 501 16 (4096-bit) 502 503 504 p1_xform { parameter-list } 505 506 A phase 1 transform specifies a method for protecting an IKE phase 507 1 exchange. An initiator offers up lists of phase 1 transforms, 508 and a receiver is expected to only accept such an entry if it 509 matches one in a phase 1 rule. There can be several of these, and 510 they are additive. There must be either at least one phase 1 511 transform in a rule or a global default phase 1 transform list. A 512 ike.config file without a global default phase 1transform list and 513 a rule without a phase 1 transform list is an invalid file. 514 Elements within the parameter-list; unless specified as optional, 515 must occur exactly once within a given transform's parameter-list: 516 517 oakley_group number 518 519 The Oakley Diffie-Hellman group used for IKE SA key derivation. 520 Acceptable values are currently: 521 1 (768-bit) 522 2 (1024-bit) 523 5 (1536-bit) 524 14 (2048-bit) 525 15 (3072-bit) 526 16 (4096-bit) 527 528 529 encr_alg {3des, 3des-cbc, blowfish, blowfish-cdc, des, des-cbc, 530 aes, aes-cbc} 531 532 An encryption algorithm, as in ipsecconf(1M). However, of the 533 ciphers listed above, only aes and aes-cbc allow optional key- 534 size setting, using the "low value-to-high value" syntax. To 535 specify a single AES key size, the low value must equal the 536 high value. If no range is specified, all three AES key sizes 537 are allowed. 538 539 540 auth_alg {md5, sha, sha1} 541 542 An authentication algorithm, as specified in ipseckey(1M). 543 544 545 auth_method {preshared, rsa_sig, rsa_encrypt, dss_sig} 546 547 The authentication method used for IKE phase 1. 548 549 550 p1_lifetime_secs num 551 552 Optional. The lifetime for a phase 1 SA. 553 554 555 556 EXAMPLES 557 Example 1 A Sample ike.config File 558 559 560 The following is an example of an ike.config file: 561 562 563 564 ### BEGINNING OF FILE 565 566 ### First some global parameters... 567 568 ### certificate parameters... 569 570 # Root certificates. I SHOULD use a full Distinguished Name. 571 # I must have this certificate in my local filesystem, see ikecert(1m). 572 cert_root "C=US, O=Sun Microsystems\, Inc., CN=Sun CA" 573 574 # Explicitly trusted certs that need no signatures, or perhaps 575 # self-signed ones. Like root certificates, use full DNs for them 576 # for now. 577 cert_trust "EMAIL=root@domain.org" 578 579 # Where do I send LDAP requests? 580 ldap_server "ldap1.domain.org,ldap2.domain.org:389" 581 582 ## phase 1 transform defaults... 583 584 p1_lifetime_secs 14400 585 p1_nonce_len 20 586 587 ## Parameters that might also show up in rules. 588 589 p1_xform { auth_method preshared oakley_group 5 auth_alg sha 590 encr_alg 3des } 591 p2_pfs 2 592 593 594 595 ### Now some rules... 596 597 { 598 label "simple inheritor" 599 local_id_type ip 600 local_addr 10.1.1.1 601 remote_addr 10.1.1.2 602 } 603 { 604 label "simple inheritor IPv6" 605 local_id_type ipv6 606 local_addr fe80::a00:20ff:fe7d:6 607 remote_addr fe80::a00:20ff:fefb:3780 608 } 609 610 { 611 # an index-only rule. If I'm a receiver, and all I 612 # have are index-only rules, what do I do about inbound IKE requests? 613 # Answer: Take them all! 614 615 label "default rule" 616 # Use whatever "host" (e.g. IP address) identity is appropriate 617 local_id_type ipv4 618 619 local_addr 0.0.0.0/0 620 remote_addr 0.0.0.0/0 621 622 p2_pfs 5 623 624 # Now I'm going to have the p1_xforms 625 p1_xform 626 {auth_method preshared oakley_group 5 auth_alg md5 encr_alg \ 627 blowfish } p1_xform 628 {auth_method preshared oakley_group 5 auth_alg md5 encr_alg 3des } 629 630 # After said list, another keyword (or a '}') stops xform 631 # parsing. 632 } 633 634 { 635 # Let's try something a little more conventional. 636 637 label "host to .80 subnet" 638 local_id_type ip 639 local_id "10.1.86.51" 640 641 remote_id "" # Take any, use remote_addr for access control. 642 643 local_addr 10.1.86.51 644 remote_addr 10.1.80.0/24 645 646 p1_xform 647 { auth_method rsa_sig oakley_group 5 auth_alg md5 encr_alg 3des } 648 p1_xform 649 { auth_method rsa_sig oakley_group 5 auth_alg md5 encr_alg \ 650 blowfish } 651 p1_xform 652 { auth_method rsa_sig oakley_group 5 auth_alg sha1 encr_alg 3des } 653 p1_xform 654 { auth_method rsa_sig oakley_group 5 auth_alg sha1 encr_alg \ 655 blowfish } 656 } 657 658 { 659 # Let's try something a little more conventional, but with ipv6. 660 661 label "host to fe80::/10 subnet" 662 local_id_type ip 663 local_id "fe80::a00:20ff:fe7d:6" 664 665 remote_id "" # Take any, use remote_addr for access control. 666 667 local_addr fe80::a00:20ff:fe7d:6 668 remote_addr fe80::/10 669 670 p1_xform 671 { auth_method rsa_sig oakley_group 5 auth_alg md5 encr_alg 3des } 672 p1_xform 673 { auth_method rsa_sig oakley_group 5 auth_alg md5 encr_alg \ 674 blowfish } 675 p1_xform 676 { auth_method rsa_sig oakley_group 5 auth_alg sha1 encr_alg \ 677 3des } 678 p1_xform 679 { auth_method rsa_sig oakley_group 5 auth_alg sha1 encr_alg \ 680 blowfish } 681 } 682 683 { 684 # How 'bout something with a different cert type and name? 685 686 label "punchin-point" 687 local_id_type mbox 688 local_id "ipsec-wizard@domain.org" 689 690 remote_id "10.5.5.128" 691 692 local_addr 0.0.0.0/0 693 remote_addr 10.5.5.128 694 695 p1_xform 696 { auth_method rsa_sig oakley_group 5 auth_alg md5 encr_alg \ 697 blowfish } 698 } 699 700 { 701 label "receiver side" 702 703 remote_id "ipsec-wizard@domain.org" 704 705 local_id_type ip 706 local_id "10.5.5.128" 707 708 local_addr 10.5.5.128 709 remote_addr 0.0.0.0/0 710 711 p1_xform 712 { auth_method rsa_sig oakley_group 5 auth_alg md5 encr_alg blowfish } 713 # NOTE: Specifying preshared null-and-voids the remote_id/local_id 714 # fields. 715 p1_xform 716 { auth_method preshared oakley_group 5 auth_alg md5 encr_alg \ 717 blowfish} 718 719 } 720 721 722 ATTRIBUTES 723 See attributes(5) for descriptions of the following attributes: 724 725 726 727 728 +--------------------+-----------------+ 729 | ATTRIBUTE TYPE | ATTRIBUTE VALUE | 730 +--------------------+-----------------+ 731 |Interface Stability | Committed | 732 +--------------------+-----------------+ 733 734 SEE ALSO 735 cryptoadm(1M), ikeadm(1M), in.iked(1M), ikecert(1M), ipseckey(1M), 736 ipsecalgs(1M), ipsecconf(1M), svccfg(1M), dlopen(3C), attributes(5), 737 random(7D) 738 739 740 Harkins, Dan and Carrel, Dave. RFC 2409, Internet Key Exchange (IKE). 741 Cisco Systems, November 1998. 742 743 744 Maughan, Douglas et. al. RFC 2408, Internet Security Association and 745 Key Management Protocol (ISAKMP). National Security Agency, Ft. Meade, 746 MD. November 1998. 747 748 749 Piper, Derrell. RFC 2407, The Internet IP Security Domain of 750 Interpretation for ISAKMP. Network Alchemy. Santa Cruz, California. 751 November 1998. 752 753 754 Kivinen, T. RFC 3526, More Modular Exponential (MODP) Diffie-Hellman 755 Groups for Internet Key Exchange (IKE). The Internet Society, Network 756 Working Group. May 2003. 757 758 759 Lepinksi, M. and Kent, S. RFC 5114, Additional Diffie-Hellman Groups 760 for Use with IETF Standards. BBN Technologies, January 2008. 761 762 763 Fu, D. and Solinas, J. RFC 5903, Elliptic Curve Groups modulo a Prime 764 (ECP Groups) for IKE and IKEv2. NSA, June 2010. 765 766 767 768 April 27, 2009 IKE.CONFIG(4)