Re: IPSEC on Solaris 8

From: adam morley (adam@gmi.com)
Date: 10/02/01


Date: Tue, 2 Oct 2001 02:00:58 -0700
From: adam morley <adam@gmi.com>
To: SUN-sec Mailinglist <focus-sun@securityfocus.com>
Subject: Re: IPSEC on Solaris 8
Message-ID: <20011002020057.A9950@chopin.gmi.com>

On Mon, Oct 01, 2001 at 10:37:59AM +0200, Conny Stefors wrote:
> Hi,
> Is there anybody out there who has used the IPSEC feature in Solaris 8?
> I would like to have two Solaris 8 servers encrypt all there traffic
> between them.

yeah, i do a fully meshed ipsec production network on solaris 8 4/01. all data is run through 3des, and auth'ed with md5 before hopping on the network.

>
> The man-pages for the IPSEC feature is unfortunatly not very good :-(

they are good once you know what you are doing, the key is figuring out what you are doing first! your best bets are to start with the answerbooks if you have them, or just hop onto docs.sun.com:

Overview of IPsec:

http://docs.sun.com/ab2/coll.47.11/SYSADV3/@Ab2PageView/22211?DwebQuery=ipsec&oqt=ipsec&Ab2Lang=C&Ab2Enc=iso-8859-1

Implementing IPsec:

http://docs.sun.com/ab2/coll.47.11/SYSADV3/@Ab2PageView/22882?DwebQuery=ipsec&oqt=ipsec&Ab2Lang=C&Ab2Enc=iso-8859-1

that should get you started. look at all the examples, definately read the overview, so that you know what all the commands are actually doing. the flat file config for ipsec seems kludgy at first, but its actually really cool once you get into it because it lets you really narrow down what settings you want and such.

note there is a section where two machines encrypt all data between them, thats probably the section (under implementing ipsec) that you want to look at.

>
> Cheers,
> Conny