[strongSwan] IPSec between multiple hosts on subnet
johannes at hubertz.de
Mon Mar 17 15:59:43 CET 2014
Perhaps you'd like to think of transport mode?
On 17.03.2014 14:24, Mick Mason wrote:
> I’m not a Linux bod so am out of my depth here, and am hoping someone can help.
> If I had 4 servers running strongSwan (currently using 5.1.2 on Ubuntu) that were all on the same subnet, is there a way to specify that all communications between them should be secured with IPSec, without having to specify 3 distinct host-to-host connections in the ipsec.conf on every one of the servers, each with hardcoded IPs in, each ipsec.conf different from the others?
> What would be ideal (don’t know if such a thing exists), is something like this:
> conn test
>     left=<local IP goes here>
>     right=<%any, a subnet range, a CIDR or other non-specific entry etc>
> I could then create a script that changed the left IP for every new host, but could get away with this single configuration.
> Is anything like that possible?
Managing Partner of hubertz-it-consulting GmbH
Registered office: Grengeler Mauspfad 111a, D-51147 Köln, European Common,
Commercial register: Köln HRB55865, VAT ID No.: DE814465092
Tel.: +49 (0) 1607421564 Electronic Mail: it-consult at hubertz.de
GnuPG Fingerprint: a81f e2da f1f9 a0e3 be20 b2b0 005e a2e3 cff5 a06f
Your service for data protection and information security:
Reliable networks for confidential communication