Configuring IPsec and IKE on Solaris, Part Three

    Date24 Sep 2002
    4063
    Posted ByAnthony Pell
    This is the third article in a three-part series on configuring IPsec and the Internet Key Exchange (IKE) on Solaris hosts. The first article covered the basics of IPsec and IKE. The second article focused on configuring IPsec to protect traffic . . . This is the third article in a three-part series on configuring IPsec and the Internet Key Exchange (IKE) on Solaris hosts. The first article covered the basics of IPsec and IKE. The second article focused on configuring IPsec to protect traffic between two Solaris hosts. This article will discuss the configuration of an IPsec VPN tunnel between two Solaris hosts.

    During the lab work for this article an annoying bug was discovered in the Solaris IPsec utilities. The configuration of ESP in the ipseckey utility is not possible in the default installation of Solaris. In order to use the ESP protocol defined in IPsec the following Solaris packages must be installed on the VPN gateways: SUNWcry and SUNWcryrx. These packages are available for download from the Sun Web site at no cost for registered users. No reference is made to these additional packages in Sun's on-line documentation and the only way to identify the problem is to do a search on SunSolve with a valid SunSolve account.

    Without these packages no encryption can be done to support ESP. Use the ndd command to determine whether the packages are already installed on the gateway hosts. If the encryption packages are not installed, the value of the "Encrytion Algorithms" field in the ndd query will be set to 1 as shown below:

    You are not authorised to post comments.

    LinuxSecurity Poll

    Has your email account ever been pwned in a data breach?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /component/communitypolls/?task=poll.vote
    12
    radio
    [{"id":"53","title":"Yes","votes":"7","type":"x","order":"1","pct":87.5,"resources":[]},{"id":"54","title":"No","votes":"1","type":"x","order":"2","pct":12.5,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.