Hi,
does anyone have an experience how many IPSec tunnels Solaris 10 is able manage. A rough estimation would be great.
I know it's hardly dependent on the hardware used, so if anyone says on a 490 with 2 CPUs and 4GB RAM a maximum of 1000 IPSec tunnels is possible, that would be great.
I... (1 Reply)
Hello,
I have configured IPSEC between two AIX Server v5.2 using IKE transport. When I try to transfer a files from one server to another, it is very very slow and the file transfer has been terminated after 25% completes. How to overcome this problem? Please advsie. Thanks (0 Replies)
Hello,
I'm trying to setup a gateway VPN between two routers across an unsecured network between two local networks. The routers are both linux and I'm using the ipsec tools, racoon and setkey. So far hosts from either local net can successfully ping hosts on the other local net without issue.
... (0 Replies)
Hi,
I am trying to set a policy between 2 machines for all the ports except for 22 i.e. for tcp - basically I want to bypass ssh. But my policy doesn't seem to work. Here are the entries
spdadd 1.2.3.4 4.3.2.1 any -P out prio 100 ipsec esp/transport//require ah/transport//require;
spdadd... (0 Replies)
Hi, this is my first post...:p
Hello Admin :)
Can I have an ask for something with my configuration ?
I have finished some kind of the tutorial to build ipsec site to site, and the "step" has finished completely.
I have a simulation with a local design topology with two PC's (FreeBSD ... (0 Replies)
hello,
after configuration ipsec in ip4 I can not ping between client and server whereas I had success ping before configuration!
I also generate different key for AH and ESP as i have shown below.
what is my problem and what should i do to have ping and test the configuration?
code:
... (0 Replies)
Hi Guys,
Please could you tell me if it is possible to have a single rule/filter to allow a certain port range instead of a separate rule for each port?
I'm sure it must be possible but I am unable to find the syntax.
Thanks
Chris (4 Replies)
Hi ! all I am just trying to check range in my datafile
pls tell me why its resulting wrong
admin@IEEE:~/Desktop$ cat test.txt
0 28.4
5 28.4
10 28.4
15 28.5
20 28.5
25 28.6
30 28.6
35 28.7
40 28.7
45 28.7
50 28.8
55 28.8
60 28.8
65 28.1... (2 Replies)
Hi all,
I have installed Openswan and configured IPSec and works perfect, but for some unknown reasons it stop working. I see that the tunnels are up and established. The route to the destination are added. Everything by the book seems to be ok. But somehow when i start to ping the other side (... (4 Replies)
Discussion started by: ivancd
4 Replies
LEARN ABOUT X11R4
ike.preshared
ike.preshared(4) File Formats ike.preshared(4)NAME
ike.preshared - pre-shared keys file for IKE
SYNOPSIS
/etc/inet/secret/ike.preshared
DESCRIPTION
The /etc/inet/secret/ike.preshared file contains secret keying material that two IKE instances can use to authenticate each other. Because
of the sensitive nature of this data, it is kept in the /etc/inet/secret directory, which is only accessible by root.
Pre-shared keys are delimited by open-curly-brace ({) and close-curly-brace (}) characters. There are five name-value pairs required inside
a pre-shared key:
Name Value Example
localidtype IP localidtype IP
remoteidtype IP remoteidtype IP
localid IP-address localid 10.1.1.2
remoteid IP-address remoteid 10.1.1.3
key hex-string 1234567890abcdef
Comment lines with # appearing in the first column are also legal.
Files in this format can also be used by the ikeadm(1M) command to load additional pre-shared keys into a running an in.iked(1M) process.
EXAMPLES
Example 1: A Sample ike.preshared File
The following is an example of an ike.preshared file:
#
# Two pre-shared keys between myself, 10.1.1.2, and two remote
# hosts. Note that names are not allowed for IP addresses.
#
# A decent hex string can be obtained by performing:
# od -x </dev/random | head
#
{
localidtype IP
localid 10.1.1.2
remoteidtype IP
remoteid 10.21.12.4
key 4b656265207761732068657265210c0a
}
{
localidtype IP
localid 10.1.1.2
remoteidtype IP
remoteid 10.9.1.25
key 536f20776572652042696c6c2c2052656e65652c20616e642043687269732e0a
}
SECURITY
If this file is compromised, all IPsec security associations derived from secrets in this file will be compromised as well. The default
permissions on ike.preshared are 0600. They should stay this way.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWcsr |
+-----------------------------+-----------------------------+
SEE ALSO od(1), ikeadm(1M), in.iked(1M), ipseckey(1M), attributes(5), random(7D)SunOS 5.10 15 Oct 2001 ike.preshared(4)