Configuring IPSec in Solaris 9

Similar Messages

• Steup ipsec in solaris 10

  Hi Everybody
  is there a doc or white paper that explain step by step how configure ipsec under solaris 10
  Thanks

  http://docs.sun.com

• Problem with IPSec on  solaris 9

  Hi all
  I'm facing a problem with IPSec on solaris 9 that I didn't have with Solaris 8 (With the Security package installed).
  I've an application that creates SA's by using the pf-key interface.
  What it does is first doing a GETSPI to a specific SPI and a specific Destination IP Address.
  This will create an SA and put it in a LARVAL state. After about a minute my application will do an UPDATE to this SPI and that command should change the state of the SA from LARVAL to MATURE but instead I get an error saying that this SPI & IP address already exist (errno = 17).
  Well of course it's already exist that's the all point it should just change the state of an existing SA.
  This exact scenarion was is working fine on Solaris 8.
  Am I doing somthing wrong (maybe there is a package on the solaris 9 that I need to install ?)
  or is this a bug in solaris 9.
  If anyone has any idea on how to do that (without using a one step ADD for a new SA) I will be very thankfull.

  Sorry for using reply for querying.
  I got a problem in creating a Security Association using the PF_KEY Socket (first used SADB_GETSPI and got SPI,with SPI tried to update SADB_UPDATE).
  Getting this problem on Sun Solaris 8.
  It returns errno 122 . operation not supported.
  Here is my mailId [email protected]
  I got few more queries regarding PF_KEY socket.
  Not much directions are available also for pf_key socket in internet.
  Monitor produces the following error.
  # ipseckey monitor
  "Base message (version 2) type UPDATE, SA type AH.
  Error Operation not supported on transport endpoint from PF_KEY.
  Message length 16 bytes, seq=4294967294, pid=450."
  Here is my mailId [email protected]
  Thanks in Advance.
  ssundar.

• How to configure CUPS in Solaris 10 X86 and SPARC

  Dears,
  I need help in configuring CUPS for Solaris 10 X86 as well as on SPARC.
  What i did?
  Downloaded the CUPS 1.5.0
  read the readme.txt
  read the INSTALL.txt
  Pre-req installation requires :-
  CFLAGS= -i /some/directory \
  CPPFLAGS = -i /some/directory \
  CXXFLAGS = -I /some/directory \
  DSOFLAGS = -L /some/directgry \
  LDFLAGS = -L /some/directory \
  ./configure --
  It errors out with
  checking for gawk ... no
  checking for mawk... no
  checking for nawk ...nawk
  chekcing for gcc ... no
  checking for cc ... no
  checking for cl.exe no
  Configure error: no acceptable C compiler found in $PATH
  see 'config.log' for more details
  I installed all the missing dependencies from www.sunfreeware.com and I have the same problem.
  I also tried to install the software packages from the operating system dvd... like for
  ls -lrt gcc
  gcc "SUNWgcc", "SUNWgccS", "SUNWgccruntime"
  ls -lrt cc
  cc "SUNWgccruntime", "SUNWlccom", "SUNWcctpx", "SUNWccisgn" , "SUNWccinv", "SUNWccfwctrl", " SUNWccfw", "SUNWccccrr", "SUNWccccr", "SUNWccccfg", "SUNWislcc",
  "SUNWaccu", "SUNWaccr", "IPLTccons", " SUWgccs", "SUNWgcc", "SUNWmccom", "SUNWmcc", "SUNWusbccids", "SUNWusbccid"
  ls -lrt gawk
  no results
  ls -lrt mawk
  no results
  ls -lrt cl.exe
  no results
  Is there any way should i follow apart from the above?
  Rgds,
  Mky

  Check pkginfo -l for each package.
  export the PATH variable where the packages are installed, like /usr/local/bin and etc.

• Configuring networking on Solaris 10

  How do I configure networking on Solaris 10, is there a single command or must I edit each file individually?
  If so, what's the format of /etc/hostname.hme0

  turnstile:
  That advice will only work if the original poster has
  a Sun SPARC system with certain integrated 10/100 Ethernet.
  They didn't tell us what system they actually had.
  The device instance name applies to its associated chipset.
  HME is different from ERI, is different from DMFE, is different from DNET, is different from IPBR, etc, etc, etc.
  etcetra:
  Do the sys-unconfig procedure. If you have a recognized network controller,
  it will prompt you with sufficient questions to configure it,
  particularly if you do not know what actual chipset you might have,
  and want a setup that survives a reboot.

• Best way to configure IPSEC between selected servers and clients

  Hi, I've done a fair bit of reading and cbt videos, and have experimented for quite a bit in test environments, and I haven't come up with a best path for what I want to do.  If someone could put me on the path to accomplish my goal, I would appreciate
  it greatly.
  I'm operating in an active directory environment at the 2008R2 functional level.  I have a member server processing sensitive data which it receives from clients.  My goal is to have all traffic between the member server and its clients encrypted
  with IPSEC, but can't quite find what I'm looking for after spending a fairly embarrassing bit of time looking.  Do I want:
  IPSEC via group policy, whereby I apply a gpo with the IP Security policy "Server (request security)", to the server and apply a gpo to the clients with "Client (respond only)" set?   If so, I haven't gotten this working, is
  there more configuration needed?
  Configure IPSEC  Advanced firewall connection security rules?
  Both 1. and 2. above?
  Server and domain isolation? (This appears to be a lot of reading on whether or not it's a subset of the above methods, or a combination of them, or more).
  If someone could point me to some documentation on the simplest way to do this, I would appreciate it greatly!!
  Thanks,
  Kevin

  Hi Kevin,
  Both GPO and IPSEC Advanced firewall connection security rules are required.
  Here is a step by step guide about how to deploy IPsec policy.
  Windows Firewall and IPsec Policy Deployment Step-by-Step Guide
  http://technet.microsoft.com/en-us/library/deploy-ipsec-firewall-policies-step-by-step(v=WS.10).aspx
  Best Regards.
  Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Install and configuring SAMBA in Solaris 8.0

  Hi
  Can any one help tme to install and configure SAMBA on solaris 8.0
  Thanks in advance

  We don't provide sudo for Solaris 8, but you can try with the package available there : http://www.sudo.ws/sudo/download.html#binary
  They don't provide a specific package for Solaris 8 but may be will the binary working correctly in your zone.
  An other package, and is builded for Solaris 8, is available on www.sunfreeware.com website.
  Regarding the configuration, the method can differ depending on which version you will use. You can find a lot of examples on Internet if you want for details.

• How to configure IPsec/IKE on Sun.

  Hi
  I was new to SUN Ipsec configuration and hope to get help to configure IPsec and test with windows XP or a device.
  I did the following configuration on a SUN 5.10 OS:
  1. Configured an IKE rule in the config file
  label "simple inheritor2"
  local_id_type ipv4
  local_addr 10.62.18.131
  remote_addr 10.62.18.139
  p1_xform
  {auth_method preshared  oakley_group 2  auth_alg sha  encr_alg 3des }
  and was able to verify the file using in.iked.
  2. Configured preshared key in ike.preshared
  { localidtype IP
  localid 10.62.18.131
  remoteidtype IP
  remoteid 10.62.18.139
  key ac077cc699c17055848a3cf34377980aac077cc699c17055
  3. Configured IPsec policy in ipsecinit.conf as
  {laddr 10.62.18.131 raddr 10.62.18.139} ipsec {
  encr_algs 3DES
  encr_auth_algs SHA1
  I configured matching policy in XP. After I reboot the Sun system, trigger traffic from XP to Sun system, I saw the first two IKE phase one exchange were fine but Sun system didn't response to the ID payload sent from XP.
  I suspect few things: one is the id, if I use ikeadm to dump the rule, it says unknow local id and remote id, where and how should I specify the local and remote ID?
  the other thing I suspect is the preshared key, the admin guide the key should be corresponding to the algorithm, I used the one for 3des(24 bytes), should I also consider sha1 when specifying the preshared key or it doesn't matter?
  Also where is the IPsec/ike log file? the admin guide doesn't indicate that.
  Thanks a lot!

  Hi Dan
  Thanks. Your suggestion is constructive. I hope to get your furhter help to straight it up. I tried to use the following key in Sun:
  key 606162636465666768696a6b6c6d6e6f7071727374
  and used abcdefghijklmnopqrst on XP as the preshared key. The length should be good for both DES and SHA1.
  When triggering traffic from Sun, I got the following from Sun log file:
  hu Nov 15 17:42:05 2007: in.iked: In ssh_policy_isakmp_nonce_data_len.
  Thu Nov 15 17:42:05 2007: in.iked: ssh_policy_isakmp_nonce_data_len: natt_state 0
  Thu Nov 15 17:42:05 2007: in.iked: spsi: ike_send_packet 0
  Thu Nov 15 17:42:06 2007: in.iked: spsi: ike_udp_callback_common 0
  Thu Nov 15 17:42:06 2007: in.iked: spsi: portjump -1
  Thu Nov 15 17:42:06 2007: in.iked: In ssh_policy_find_pre_shared_key.
  Thu Nov 15 17:42:06 2007: in.iked: spsi: ike_send_packet -1
  Thu Nov 15 17:42:06 2007: in.iked: spsi: ike_send_packet -1
  Thu Nov 15 17:42:06 2007: in.iked: spsi: ike_udp_callback_common -1
  Thu Nov 15 17:42:07 2007: in.iked: spsi: ike_send_packet -1
  Thu Nov 15 17:42:08 2007: in.iked: spsi: ike_udp_callback_common -1
  Thu Nov 15 17:42:08 2007: in.iked: spsi: ike_send_packet -1
  Thu Nov 15 17:42:09 2007: in.iked: spsi: ike_udp_callback_common -1
  Thu Nov 15 17:42:09 2007: in.iked: IKE error: type 8194 (No SA established), decrypted 0, rx 1
  Thu Nov 15 17:42:09 2007: in.iked: pm_info null! (msg type 8194 (No SA established))
  Windows XP was able to process the KE payload sent from Sun and sent KE payload but complains the ID payload from Sun is invalid.
  Any thoughts on what was going on? Thanks a lot!

• CONFIGURE NFS ON SOLARIS ZONES

  I want steps to configure NFS on solaris Zones

  Hi,
  I installed unfs3 in zone, but can't mount unfs3 share from solaris client(Solaris 10 10/08 s10s_u6wos_07b SPARC):
  root@prod-db $ mount -F nfs -o rw 192.168.219.13:/software /mnt
  nfs mount: 192.168.219.13: : RPC: Rpcbind failure - RPC: Authentication error
  nfs mount: retrying: /mnt
  nfs mount: 192.168.219.13: : RPC: Rpcbind failure - RPC: Authentication error....
  Any suggestions? I cant find in internet any forum or mailing list about unfs3 :(

• Steps to Configure Sendmail in Solaris 9

  Can anyone provide me the SUN documents URL to configure sendmail in Solaris 9.
  Any other good link will also do.
  Thanks.

  I have some questions:
  The server in which I want to configure is running as a DNS client. and I want to configure a local mail so I think that i need to configure mail rather than configuring sendmail.
  I get a document for configuring mail in solaris from docs.sun.com. The doc name is "Mail Administration Guide for Solaris 7".
  This document has the steps to configure mail but my question is:
  The server is already running as DNS client, in this case Do I have to install a new naming service to configure it as mail server?
  Can we configure a server as NIS server when it is already a DNS client?
  Suppose there is only one server, how do you configure mail server and client server and host server..can all three be done on only one server. Here there is one server and a few PCs need to be connected to it as clients.
  Any suggestions?
  David

• Configure Mozilla in Solaris 10

  I new in Solaris , the browser Mozilla does not recognize URL for example when I put www.google.pt
  browser tell me that (does not find the url). I logon in internet becouse the ping command is sucesseful , and I can enter in my router with (private address 192.168.1.1) and broser I have the turn on Icon correctly. Please tem me what is thr problem?

  I don't think you have configured DNS client on the system which made the mozilla could not resovle the URL.

• Configure Network in Solaris Sparc 10

  Hi
  I installed Soalris 10 but Installation time i didn't select any service like DNS, NIS or LDAP
  Now I want to start Internet in MY Solaris workstation
  ethernet is hme0
  Now in which file I have to enter ipaddress of ethernet card ,
  Where I configure gateway , and DNS also
  pl. guide me
  Regards
  Satish

  You have same post in another forum. I answered this question in the other post. Please refere it there:
  http://forum.java.sun.com/thread.jspa?threadID=5265020&tstart=0

• How to configure SNMP in solaris 10

  i am working on solaris management console .i want to configure snmp for this to send traps regarding system performance and cpu usage ..can any body know ho to do this

  Integration of Directory Server SNMP agent with Solaris Master agent is documented in the Administration Guide Chapter 14: Monitoring Directory Server using SNMP.
  http://docs.sun.com/source/817-7613/snmp.html
  Regards,
  Ludovic.

• Unable to configure LUN in Solaris 10 (T3-1)

  Hi everyone,
  While trying to configure a LUN on Solaris 10u9, I'm running into a problem getting it configured and available in 'format'. These are the things I tried:
  -bash-3.00# cfgadm -o show_FCP_dev -al c5
  Ap_Id Type Receptacle Occupant Condition
  c5 fc-fabric connected configured unknown
  c5::200400a0b819d8c0,0 disk connected configured unknown
  c5::201400a0b8481acc,0 disk connected configured unknown
  c5::202500a0b8481acc,0 disk connected configured unknown
  c5::20340080e52e4bc4 disk connected unconfigured unknown
  c5::20350080e52e4bc4 disk connected unconfigured unknown
  And if I try to configure it:
  -bash-3.00# cfgadm -c configure c5::20340080e52e4bc4
  cfgadm: Library error: failed to create device node: 20340080e52e4bc4: Invalid argument
  Does anyone have an idea how to fix this?

  Apparently it was a faulty configuration on the SAN side, the issue was fixed and now I can see the LUN in Solaris without problems.

• How to Configure Internet on Solaris 10

  Hi Guys,
  I recently installed Solaris 10 on Vmware Workstation 7.0.1. I'm trying to get Internet to work in the solaris virtual machine by sharing it from the host machine but have not been successful.The Solaris Virtual Machine NIC is using NAT. Please help.
  Thanks
  kisad

  Thank You for your reply. This is what i have configured.
  ifconfig -a
  lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
  inet 127.0.0.1 netmask ff000000
  e1000g0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
  inet 10.0.0.51 netmask ffffff00 broadcast 10.0.0.255
  ether 0:c:29:42:c3:b4
  netstat -rnv
  IRE Table: IPv4
  Destination Mask Gateway Device Mxfrg Rtt Ref Flg Out In/Fwd
  default 0.0.0.0 10.0.0.1 1500* 0 1 UG 0 0
  10.0.0.0 255.255.255.0 10.0.0.51 e1000g0 1500* 0 1 U 0 0
  224.0.0.0 240.0.0.0 10.0.0.51 e1000g0 1500* 0 1 U 0 0
  127.0.0.1 255.255.255.255 127.0.0.1 lo0 8232* 0 9 UH 278 0