[strongSwan] mutual TNC attestation

Andreas Steffen andreas.steffen at strongswan.org
Mon Aug 3 20:10:27 CEST 2015

Hello Thomas,

Yes, this is possible with strongSwan 5.3.2. Have a look at my
presentation given at the 2015 TCG Members Meeting in Edinburgh:


The only thing you have to do is to load the tnc-imc and tnc-imv
plugins on both the TNC client and TNC server and of course the
needed IMCs and IMVs (for attestation usually the OS and Attestation
IMC plus the Attestation IMV). In order to activate the mutual
attestation capability, set the following parameter in strongswan.conf:

charon {
   plugins {
     tnccs-20 {
       mutual = yes   # enable mutual TNC measurements
     }
   }
}

Best regards


On 03.08.2015 19:42, Thomas Strobel wrote:
> Hello everyone,
> being new to the mailing list, I first want to thank everyone that is or
> was involved in developing strongswan as an open source project, it's
> amazing! Thanks!
> Now my question. I'm thinking of using strongswan to secure P2P networks
> with mutual TNC remote attestation. Does strongswan support that use
> case? I mean, is it possible that both sides act as TNC client and
> server at the same time, and that a connection is only established after
> both sides verified the integrity of the other side?
> Many thanks
> Thomas

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
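
A check for the settings described in the message above, as an added example that is not part of the original post or of strongSwan's code: it parses a strongswan.conf fragment and reports why a peer would not take part in mutual measurements, including a `mutual` key placed under a misspelled section name. The sample configuration and the helper names `parse_conf` and `check_mutual` are constructed; the code assumes an explicit `charon.load` list and no include statements or quoted values.

```python
import re

# Constructed strongswan.conf fragment for one peer (sample input, not from the post).
SAMPLE_CONF = """
charon {
  load = random nonce x509 openssl tnc-imc tnc-imv tnc-tnccs tnccs-20 eap-ttls eap-tnc
  plugins {
    tnccs-20 {
      mutual = yes   # PB-TNC mutual protocol
    }
  }
}
"""
TRUE_VALUES = {"yes", "true", "enabled", "1"}

def parse_conf(text):
    """Parse nested 'section { key = value }' syntax into dicts (no includes or quoting)."""
    root, pending = {}, None
    stack = [root]
    for tok in re.findall(r"[{}]|[^{}\n]+", re.sub(r"#.*", "", text)):
        tok = tok.strip()
        if tok == "{":
            stack.append(stack[-1].setdefault(pending, {}))
        elif tok == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            stack.pop()
        elif "=" in tok:
            key, value = tok.split("=", 1)
            stack[-1][key.strip()] = value.strip()
        elif tok:
            pending = tok  # section name waiting for its '{'
    if len(stack) != 1:
        raise ValueError("unclosed section")
    return root

def check_mutual(text):
    """Return the reasons this peer would not take part in mutual TNC measurements."""
    charon = parse_conf(text).get("charon", {})
    plugins = charon.get("plugins", {})
    problems = []
    if "load" in charon:  # assumption: only an explicit load list can be checked
        loaded = {p.rstrip("!") for p in charon["load"].split()}
        problems += [f"{p} not in charon.load" for p in ("tnc-imc", "tnc-imv") if p not in loaded]
    if plugins.get("tnccs-20", {}).get("mutual", "no") not in TRUE_VALUES:
        problems.append("charon.plugins.tnccs-20.mutual is not enabled")
    for name, section in plugins.items():
        if name != "tnccs-20" and isinstance(section, dict) and "mutual" in section:
            problems.append(f"'mutual' set under unknown section {name!r}")
    return problems

if __name__ == "__main__":
    print(check_mutual(SAMPLE_CONF) or "mutual TNC settings present")
```

Run it against the configuration of both peers, since each side acts as TNC client and TNC server.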
