#
# Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved.
#
# This file contains a very simple example of a configuration file for
# the IKE daemon. This example will allow the IKE daemon to provide keying
# material between the two hosts shown in the rule below.
#
# For more complicated examples, refer to the ike.config(4) man page.
#
# To enable IKE, modify this file to reflect your configuration and copy it to
# /etc/inet/ike/config . Now enable the IKE service:
#
# svcadm enable svc:/network/ipsec/ike:default
#
# Note: IKE provides keying material for IPsec. The IPsec policy is not
# configured here, see /etc/inet/ipsecinit.sample or ipsecconf(1M). The
# cryptographic algorithms listed in this file are to protect the IKE
# exchanges. They are not necessarily the same as those used by IPsec.

{
	label "simple preshared"
	local_id_type ip
	local_addr 10.0.0.1
	remote_addr 10.0.0.2
	p1_xform { auth_method preshared oakley_group 14 auth_alg
		sha256 encr_alg aes }
}

#
# The above rule requires preshared key for authentication.
# Add the following to /etc/inet/secret/ike.preshared
#
# For more details, see the ike.preshared(4) man page.
#
# {
#	localidtype IP
#	localid 10.0.0.1
#	remoteidtype IP
#	remoteid 10.0.0.2
#	key "This is my secret key string"
# }