[strongSwan] mutual TNC attestation

Andreas Steffen andreas.steffen at strongswan.org
Tue Aug 4 06:09:47 CEST 2015


the mutual attestation is done on the hosts the TNC client and TNC server
are running on, i.e. the VPN endpoints. But of course if the attestation
is successful a site-site VPN connection could be set up, connecting subnets
located behind the trusted hosts.

net1 --- trusted router 1 == VPN tunnel == trusted router 2 --- net 2
                    TNC client
TNC server

After successful mutual attestation of the routers, you won't know if the
hosts in the subnets net1 and net2 are trustworthy, though.

Cheers Andreas

On 08/04/2015 03:26 AM, Zhuyj wrote:
> Site2site?
> 发自我的 iPhone
>> 在 2015年8月4日,1:42,Thomas Strobel <ts468 at cam.ac.uk> 写道:
>> Hello everyone,
>> being new to the mailing list, I first want to thank everyone that is or
>> was involved in developing strongswan as open source project, it's
>> amazing! Thanks!
>> Now my question. I'm thinking of using strongswan to secure P2P networks
>> with mutual TNC remote attestation. Does strongswan support that use
>> case? I mean, is it possible that both sides act as TNC client and
>> server at the same time, and that a connection is only established after
>> both sides verified the integrity of the other side?
>> Many thanks
>> Thomas

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4255 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150804/dd8a50e4/attachment-0001.bin>

More information about the Users mailing list