[strongSwan] Encrypting a local network
Noel Kuntze
noel at familie-kuntze.de
Fri Jun 20 08:27:14 CEST 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello Rainer,
I think I heard that you can have opportunistic encryption using auto=start and right=someSubnet/CIDR.
But I think that's not very resistant against an attacker, hence I didn't come up with it right away.
Regards,
Noel
GPG Key id: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 20.06.2014 06:49, schrieb Rainer Klute:
> I have a working configuration now, but having to have a connection for
> each communication partner is a nuisance.
>
> With StrongSwan 4 it was possible to configure something like "accept
> whatever the partner is as long as he can provide a certificate signed
> by a certification authority I trust." This doesn't work in StrongSwan 5
> anymore. Or at least I couldn't get it working.
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBAgAGBQJTo9RBAAoJEDg5KY9j7GZYy9cP/2LI621vsXGI8eRp/GNzPnlH
aGID52bHKRmysPlp6ccDuHAEiwqsqVNnNrRd4CeJ9oR5uOASjGTf2SJ1Wy4DsjFd
Zb4Nbt0z8T6p6aQ5tQu5rzaJSlw0Tqa4WSU9Lx9npafmtuVs4m4HplDKXaBumfol
QgzNF823+3NNUdb56BLLkKXFrBOlUsa/Ra2BNlP3p7yy+naA0F+oyDKcN0UVwCol
xgrXHKyKu5Ra71yzd/04Verc0Emq4W9TOGr9oR3izDekoYgzCYl+jBHQo6mHfh9n
b6YQIReTBPncS8nOdCcsgHRkX1K0NFsyZjg4YmDApYQ5JfBu+4iyoTkeCb52rN2u
Du3K9HloPUJMHElWUU7AlQ/6ysFGJIOxZrT7ifi2ZtipLawSkm4iqcfuvTTi9fXn
c2elZEwogMh/BjcSURUXs1WhUWYFkg3i/XILxO/bN/Vk0o5lhWPjul70myovKYVs
xLcjjQgaIKW/Ee/yrGAaq7Ye1xZ1Ie9qt84JaYa6/ULD/SImwUdgpjM+rjjVTSZ9
96OqUkWFMcRRJEgTJtkbotOz9q/kZRnCx4nvRE9B74iqBs1V8X1MvHqYmbT4d04l
6cNy0lr7hxGnfi30AqvX4UTKoTvMXPI69SWXHty9T3egRDA0kW7RhB7UQt6dtZrE
rcD0qm8QB6V+wxxY6Uw4
=0wdz
-----END PGP SIGNATURE-----
More information about the Users
mailing list