IKECTL(8) - System Manager’s Manual
NAME
ikectl - control the IKEv2 daemon
SYNOPSIS
ikectl [-q] [-s socket] command [arg …]
DESCRIPTION
The ikectl program controls the iked(8) daemon and provides commands to maintain a simple X.509 certificate authority (CA) for IKEv2 peers.
The options are as follows:
-q
Don’t ask for confirmation of any default options.
-s socket
Use socket instead of the default /var/run/iked.
...
IKED.CONF(5) - File Formats Manual
NAME
iked.conf - IKEv2 configuration file
DESCRIPTION
iked.conf is the configuration file for iked(8), the Internet Key Exchange version 2 (IKEv2) daemon for IPsec. IPsec itself is a pair of protocols: Encapsulating Security Payload (ESP), which provides integrity and confidentiality; and Authentication Header (AH), which provides integrity. The IPsec protocol itself is described in ipsec(4).
In its most basic form, a flow is established between hosts and/or networks, and then Security Associations (SA) are established, which detail how the desired protection will be achieved.
...
IKED(8) - System Manager’s Manual
NAME
iked - Internet Key Exchange version 2 (IKEv2) daemon
SYNOPSIS
iked [-dnSTtVv] [-D macro=value] [-f file] [-p udpencap_port] [-s socket]
DESCRIPTION
iked is an Internet Key Exchange (IKEv2) daemon which performs mutual authentication and which establishes and maintains IPsec flows and security associations (SAs) between the two peers.
The IKEv2 protocol is defined in RFC 7296, which combines and updates the previous standards: ISAKMP/Oakley (RFC 2408), IKE (RFC 2409), and the Internet DOI (RFC 2407).
...
IPSEC(4) - Device Drivers Manual
NAME
ipsec - IP Security Protocol
DESCRIPTION
IPsec is a pair of protocols, Encapsulating Security Payload (ESP) and Authentication Header (AH), which provide security services for IP datagrams.
Both protocols may be enabled or disabled using the following sysctl(2) variables in /etc/sysctl.conf. By default, both protocols are enabled:
net.inet.esp.enable
Enable the ESP IPsec protocol
net.inet.ah.enable
Enable the AH IPsec protocol
...
ISAKMPD(8) - System Manager’s Manual
NAME
isakmpd - ISAKMP/Oakley a.k.a. IKEv1 key management daemon
SYNOPSIS
isakmpd [-46adKLnSTv] [-c config-file] [-D class=level] [-f fifo] [-i pid-file] [-l packetlog-file] [-N udpencap-port] [-p listen-port] [-R report-file]
DESCRIPTION
The isakmpd daemon establishes Security Associations (SAs) for encrypted and/or authenticated network traffic. At this moment, and probably forever, this means ipsec(4) traffic. Traditionally, isakmpd was configured using the isakmpd.
...
SASYNCD(8) - System Manager’s Manual
NAME
sasyncd - IPsec SA synchronization daemon for failover gateways
SYNOPSIS
sasyncd [-dnv] [-c config-file]
DESCRIPTION
The sasyncd daemon synchronizes IPsec SA and SPD information between a number of failover IPsec gateways. The most typical scenario is to run sasyncd on hosts also running isakmpd(8) or iked(8) and sharing a common IP address using carp(4).
...
SEC(4) - Device Drivers Manual
NAME
sec - route based IPsec VPN tunnel interface pseudo-device
SYNOPSIS
pseudo-device sec
DESCRIPTION
The sec driver provides point-to-point tunnel interfaces for IPv4 and IPv6 protected by the ipsec(4) Encapsulating Security Payload (ESP) protocol.
Traffic is encapsulated in the ESP protocol and forwarded to the remote endpoint by routing over a sec interface rather than matching policy in the IPsec Security Policy Database (SPD).
...