[strongSwan] IPSec between multiple hosts on subnet

Mick Mason zen33984 at zen.co.uk
Mon Mar 17 14:24:06 CET 2014


I’m not a Linux bod so am out of my depth here, and am hoping someone can help.

If I had 4 servers running Strongswan (currently using 5.1.2 on Ubuntu) that were all on the same subnet, is there a way to specify that all communications between them should be secured with IPSec, without having to specify 3 distinct host-to-host connections in the ipsec.conf on every one of the servers, each with hardcoded IP’s in, each ipsec.conf different from the others?

What would be ideal (don’t know if such a thing exists), is something like this:

conn test
	left=<local IP goes here>
	right=<%any, a subnet range, a CIDR or other non-specific entry etc>

I could then create a script that changed the left IP for every new host, but could get away with this single configuration.

Is anything like that possible?


More information about the Users mailing list