Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   11362 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

IKED(8)			OpenBSD System Manager's Manual		       IKED(8)

NAME
     iked - Internet Key Exchange version 2 (IKEv2) daemon

SYNOPSIS
     iked [-dnSTv] [-D macro=value] [-f file]

DESCRIPTION
     iked is an Internet Key Exchange (IKEv2) daemon which performs mutual
     authentication and which establishes and maintains IPsec flows and
     security associations (SAs) between the two peers.

     The IKEv2 protocol is defined in RFC 5996, which combines and updates the
     previous standards: ISAKMP/Oakley (RFC 2408), IKE (RFC 2409), and the
     Internet DOI (RFC 2407).  iked only supports the IKEv2 protocol; support
     for ISAKMP/Oakley and IKEv1 is provided by isakmpd(8).

     iked supports mutual authentication using RSA public keys and X.509
     certificates.  See the FILES section below and PKI AND CERTIFICATE
     AUTHORITY COMMANDS in ikectl(8) for more information about creating and
     maintaining the public key infrastructure.

     The options are as follows:

     -D macro=value
	     Define macro to be set to value on the command line.  Overrides
	     the definition of macro in the configuration file.

     -d	     Do not daemonize and log to stderr.

     -f file
	     Use file as the configuration file, instead of the default
	     /etc/iked.conf.

     -n	     Configtest mode.  Only check the configuration file for validity.

     -S	     Start iked in passive mode.  See the set passive option in
	     iked.conf(5) for more information.

     -T	     Disable NAT-Traversal and do not propose NAT-Traversal support to
	     the peers.

     -v	     Produce more verbose output.

FILES
     /etc/iked.conf	    The default iked configuration file.
     /etc/iked/ca/	    The directory where CA certificates are kept.
     /etc/iked/certs/	    The directory where IKE certificates are kept,
			    both the local certificate(s) and those of the
			    peers, if a choice to have them kept permanently
			    has been made.
     /etc/iked/crls/	    The directory where CRLs are kept.
     /etc/iked/private/	    The directory where local private keys used for
			    public key authentication are kept.	 The file
			    local.key is used to store the local private key.
     /etc/iked/pubkeys/	    The directory in which trusted public keys are
			    kept.  The keys must be named in the fashion
			    described above.
     /var/run/iked.sock	    The default iked control socket.

SEE ALSO
     iked.conf(5), ikectl(8), isakmpd(8)

     Internet Key Exchange Protocol Version 2 (IKEv2), RFC 5996, September
     2010.

HISTORY
     The iked program first appeared in OpenBSD 4.8.

AUTHORS
     The iked program was written by Reyk Floeter <reyk@vantronix.net>.

CAVEATS
     iked is not yet finished and is missing some important security features.
     It should not yet be used in production networks.

OpenBSD 4.9		       December 22, 2010		   OpenBSD 4.9

Vote for polarhome