[strongSwan] Encrypting a local network
Rainer Klute
rainer.klute at gmx.de
Fri Jun 20 06:49:36 CEST 2014
I have a working configuration now, but having to have a connection for
each communication partner is a nuisance.
With StrongSwan 4 it was possible to configure something like "accept
whatever the partner is as long as he can provide a certificate signed
by a certification authority I trust." This doesn't work in StrongSwan 5
anymore. Or at least I couldn't get it working.
--
Best regards
Rainer Klute
On 18.06.2014 13:12, Noel Kuntze wrote:
> Yes, that would be great indeed, but judging from the description of "left", that isn't supported yet.
> From the manpage of ipsec.conf about "left":
>
> "[...] To limit the connection to a specific range of hosts, a range ( 10.1.0.0-10.2.255.255 ) or a subnet ( 10.1.0.0/16 ) can be specified, and multiple addresses, ranges and
> subnets can be separated by commas. While one can freely combine these items, to initiate the connection at least one non-range/subnet is required."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140620/a48d8011/attachment.pgp>
More information about the Users
mailing list