[strongSwan] Scalable deployment

Yaron Sheffer yaronf.ietf at gmail.com
Thu Dec 30 20:03:30 CET 2010


Hi,


I am deploying strongSwan on a group of servers, for host-to-host
traffic, possibly using Transport Mode. All servers are managed, and I 
can use a single CA to provide each one with an identity.


The problem is, I would like to define the policy so that I don't have 
to touch all existing servers when I add a new one to the group. In 
other words, a generic policy for all potential peers (taken from a 
certain subnet). I *think* this used to be possible a long time ago with 
the %group attribute and group policies, but that attribute seems to 
have been deprecated. Is %group still supported for IKEv1? Is there a 
way to get similar functionality in Charon?


Thanks,

     Yaron




