[strongSwan] Scalable deployment

Yaron Sheffer yaronf.ietf at gmail.com
Thu Dec 30 21:04:53 CET 2010

[Apologies if you receive this mail twice]


I am deploying strongSwan on a group of servers, for host-to-host 
traffic, possibly using Transport Mode. All servers are managed, and I 
can use a single CA to provide each one with an identity.

The problem is, I would like to define the policy so that I don't have 
to touch all existing servers when I add a new one to the group. In 
other words, a generic policy for all potential peers (taken from a 
certain subnet). I *think* this used to be possible a long time ago with 
the %group attribute and group policies, but that attribute seems to 
have been deprecated. Is %group still supported for IKEv1? Is there a 
way to get similar functionality in Charon?



