[strongSwan] IPSec between multiple hosts on subnet

Johannes Hubertz johannes at hubertz.de
Mon Mar 17 15:59:43 CET 2014


Hello,

perhaps you would like to think of transport mode?

Happy working
Johannes

On 17.03.2014 14:24, Mick Mason wrote:
> Hi,
> 
> I’m not a Linux bod so am out of my depth here, and am hoping someone can help.
> 
> If I had 4 servers running Strongswan (currently using 5.1.2 on Ubuntu) that were all on the same subnet, is there a way to specify that all communications between them should be secured with IPSec, without having to specify 3 distinct host-to-host connections in the ipsec.conf on every one of the servers, each with hardcoded IPs in, each ipsec.conf different from the others?
> 
> What would be ideal (don’t know if such a thing exists), is something like this:
> 
> conn test
> 	type=tunnel
> 	auto=start
> 	left=<local IP goes here>
> 	right=<%any, a subnet range, a CIDR or other non-specific entry etc>
> 	authby=secret
> 
> I could then create a script that changed the left IP for every new host, but could get away with this single configuration.
> 
> Is anything like that possible?
> 
> Thanks
> M


-- 
Johannes Hubertz

Managing partner of hubertz-it-consulting GmbH
Registered office: Grengeler Mauspfad 111a,  D-51147 Köln,  European Common,
Commercial register:  Köln HRB55865,    VAT ID no.:  DE814465092
Tel.: +49 (0) 1607421564      Electronic Mail: it-consult at hubertz.de
GnuPG Fingerprint: a81f e2da f1f9 a0e3 be20 b2b0 005e a2e3 cff5 a06f

Your service for data protection and information security:
Reliable networks for confidential communication
