[strongSwan] Encrypting a local network

Rainer Klute rainer.klute at gmx.de
Fri Jun 20 06:49:36 CEST 2014

I have a working configuration now, but having to have a connection for
each communication partner is a nuisance.

With StrongSwan 4 it was possible to configure something like "accept
whatever the partner is as long as he can provide a certificate signed
by a certification authority I trust." This doesn't work in StrongSwan 5
anymore. Or at least I couldn't get it working.


Best regards
Rainer Klute 

On 18.06.2014 13:12, Noel Kuntze wrote:
> Yes, that would be great indeed, but judging from the description of "left", that isn't supported yet.
> From the manpage of ipsec.conf about "left":
> "[...] To limit the connection to a  specific range of hosts, a range ( ) or a subnet ( ) can be specified, and multiple addresses,  ranges  and
> subnets can be separated by commas. While one can freely combine these items, to initiate the connection at least one non-range/subnet is required."

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140620/a48d8011/attachment.pgp>

More information about the Users mailing list