[strongSwan] Scalable deployment
yaronf.ietf at gmail.com
Thu Dec 30 21:04:53 CET 2010
[Apologies if you receive this mail twice]
I am deploying Strongswan on a group of servers, for host-to-host
traffic, possibly using Transport Mode. All servers are managed, and I
can use a single CA to provide each one with an identity.
The problem is, I would like to define the policy so that I don't have
to touch all existing servers when I add a new one to the group. In
other words, a generic policy for all potential peers (taken from a
certain subnet). I *think* this used to be possible a long time ago with
the %group attribute and group policies, but that attribute seems to
have been deprecated. Is %group still supported for IKEv1? Is there a
way to get similar functionality in Charon?
More information about the Users