[strongSwan] ACLs-like system to control IPsec traffic
Andreas Schuldei
schuldei+strongswan at spotify.com
Thu May 13 01:09:21 CEST 2010
In order to have fine-grained control over the IPsec traffic in our
distributed network of host-to-host IPsec connections we would like to
create an ACL-like system.

For example, all servers should be able to talk to infrastructure hosts
(like DNS or backup servers).

Only the other storage servers and the few specialized servers
accessing the storage system should be able to initiate connections to
storage servers.

Only the server distributing the search index and the few servers
querying the search system should be able to initiate connections to
search servers.

The monitoring servers should be able to initiate connections to all servers.

How could I represent such a system with different types of server
certificates (one type per server class) and strongSwan configuration?
/andreas
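One way to express the server classes described in the post, added here as an illustration and not taken from the post or from the strongSwan project: encode the class in the OU of each server certificate and, on each host, load one responder conn per class that may reach it, matching the peer by a wildcard rightid and pinning the issuer with rightca. The organisation, CA name, host names and file names below are assumptions.

```conf
# /etc/ipsec.conf on a storage server (constructed example)
config setup

conn %default
        keyexchange=ikev2
        type=transport          # host-to-host, as in the post
        left=%defaultroute
        leftcert=storage01Cert.pem
        leftid="C=SE, O=Example, OU=storage, CN=storage01.example.com"
        right=%any
        # every peer must present a certificate issued by the site CA,
        # so the OU used below cannot be self-asserted
        rightca="C=SE, O=Example, CN=Example Root CA"
        auto=add                # responder only: accept, never initiate

# other storage servers: the peer's class is the OU in its certificate DN
conn from-storage
        rightid="C=SE, O=Example, OU=storage, CN=*"

# the few specialised servers allowed to use the storage system
conn from-storage-clients
        rightid="C=SE, O=Example, OU=storage-client, CN=*"

# monitoring may reach every server
conn from-monitoring
        rightid="C=SE, O=Example, OU=monitoring, CN=*"

# connections this host initiates itself, e.g. to an infrastructure host
conn to-dns
        right=dns1.example.com
        rightid="C=SE, O=Example, OU=infrastructure, CN=dns1.example.com"
        auto=start
```

A peer whose certificate carries any other OU (a search server, say) matches no conn and its IKE_AUTH is rejected, so the access policy is enforced by which rightid patterns a host loads; the policy is only as strong as the CA's discipline in issuing one OU per class.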