What's New in IPsec?
Solaris Express, Developer Edition 2/07: In this release, IPsec fully implements tunnels in tunnel mode, and modifies the utilities that support tunnels.
IPsec implements tunnels in tunnel mode for Virtual Private Networks (VPNs). In tunnel mode, IPsec supports multiple clients behind a single NAT and is interoperable with implementations of IP-in-IP tunnels by other vendors. IPsec continues to support tunnels in transport mode, so it remains compatible with earlier Solaris releases.
The syntax to create a tunnel is simplified. To manage IPsec policy, the ipsecconf command has been expanded. The ifconfig command is deprecated for managing IPsec policy.
In this release, the /etc/ipnodes file is removed. Use the /etc/hosts file to configure network IPv6 addresses.
Solaris 10 1/06: In this release, IKE is fully compliant with NAT-Traversal support as described in RFC 3947 and RFC 3948. IKE operations use the PKCS #11 library from the cryptographic framework, which improves performance.
The cryptographic framework provides a softtoken keystore for applications that use the metaslot. When IKE uses the metaslot, you have the option of storing the keys on disk, on an attached board, or in the softtoken keystore.