[strongSwan] Encrypting a local network

Rainer Klute rainer.klute at gmx.de
Wed Jun 18 13:08:48 CEST 2014


On 18.06.2014 12:41, Noel Kuntze wrote:
> Yes, this is possible.
> Look at those scenarios: [1] and [2].
>
> [1] http://www.strongswan.org/uml/testresults/ikev2/host2host-cert/
> [2] http://www.strongswan.org/uml/testresults/ikev2/host2host-transport/

Thanks, Noel!

However, this would require configuring a connection for each
host-to-host pair, i.e. O(n²) connections for n authenticated hosts.

Wouldn't it be great if there were a simpler way, i.e. something like

left = 192.168.1.0/24
leftca = "C=DE, O=My Organisation, CN=My Certification Authority"
leftcert = my-cert.pem
right = 192.168.1.0/24
rightca = %same

in each station's ipsec.conf and with only my-cert.pem (and my-key.pem)
being station-specific?

-- 

Best regards
Rainer Klute 

