[strongSwan] Encrypting a local network

Noel Kuntze noel at familie-kuntze.de
Wed Jun 18 12:41:41 CEST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Rainer

Yes, this is possible.
Look at those scenarios: [1] and [2].

[1] http://www.strongswan.org/uml/testresults/ikev2/host2host-cert/
[2] http://www.strongswan.org/uml/testresults/ikev2/host2host-transport/

Regards,
Noel Kuntze

GPG Key id: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 18.06.2014 10:04, schrieb Rainer Klute:
> Hi,
>
> in order to make a local network tap-proof, I'd like to encrypt the
> traffic between authenticated stations. Non-encrypted traffic between
> authenticated stations and unauthenticated ones (e.g. printers) must
> still be possible, but unauthenticated stations connecting to the
> network should not be able to tap traffic between authenticated ones.
> Authentication should be done by public keys.
>
> Is this possible with Strongswan? And is there an example configuration
> available? I couldn't find one in the documentation (which is somewhat
> shattered and confusing anyway) and among the sample configurations, but
> perhaps I am just not seeing the forrest for the trees.
>
> Thanks!
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJToWzlAAoJEDg5KY9j7GZYb1cP/jf7P1uoxvXnvLozIL3g7CgG
35Lo9/1o6cAsVmwqTQs7LBQem/WxvVZlNOyagOzVO2TGH4RQLj2YOUh5S1gDQMTx
yNDfKAT/6G02BCMsEYi0osV+Msb7u5lIU8wNZcOStkEVVFUwqo9yhDNeuLZTD9QU
+kwCgP6wQ/BlT+pl0vySQl8GjqFvSdQJqZ9RXKUsvk2w1mDsKwRD7dxNLIZgMe/6
yKJS/Ic6rYV2mKHdxDSE9MrPhllqsxS+IJL8hheIG5w9lsaWnz/9o5zH6JYXEFhM
C9fbXr/z9rOzVH3s5iuDp5+4MnOXRfigSP5+6hcpNCf9eXNWfVrMcZXlXTErEe4m
5g8xshicg9q8LNG509Fzh/sCpLtfCkXMwmogwXwQgBvgSPpO1ELL3f3e9F+zaCja
ekucopGMDsc3wjE29lXw8Gaf8Db3GhKb4umKQVrCeGM2dndXTFJMiuv91wXrxHUz
5qz11VPI6MZ/bBvSEmfVe87L6MbD1rrqNVLSKRsFdPF3U/n20wry3oRMOZUGfPV5
LXmxpLmQ/SuZCRUyQbBC6hibQV7YaPiJ2ATKLP8xu9MmXPlakgRpJkLwStMCVbyl
F4r7Xvvt2Opvqi4XipDU9GiMCS2oMmV5gWoCAFReMDAfQOy+qU4YTJL/8pbMtaeC
z2OWzUZFICBzCuU26nW8
=4aGa
-----END PGP SIGNATURE-----



More information about the Users mailing list