[strongSwan] Encrypting a local network
rainer.klute at gmx.de
Wed Jun 18 13:08:48 CEST 2014
On 18.06.2014 12:41, Noel Kuntze wrote:
> Yes, this is possible.
> Look at those scenarios:
>  http://www.strongswan.org/uml/testresults/ikev2/host2host-cert/
>  http://www.strongswan.org/uml/testresults/ikev2/host2host-transport/
However, this would require configuring a connection for each
host-to-host pair, i.e. O(n²) connections for n authenticated hosts.
Wouldn't it be great if there were a simpler way, i.e. something like
    left = 192.168.1.0/24
    leftca = "C=DE, O=My Organisation, CN=My Certification Authority"
    leftcert = my-cert.pem
    right = 192.168.1.0/24
    rightca = %same
in each station's ipsec.conf and with only my-cert.pem (and my-key.pem)