[strongSwan] Many-to-many scenario using transport mode
Andreas Heinlein
aheinlein at gmx.com
Tue Sep 6 08:33:12 CEST 2016
Hello,
I am trying to set up IPsec in a many-to-many scenario on a single
subnet, i.e. a larger number of hosts on the same subnet should be able
to communicate over IPsec in transport mode. Any host should be able to
communicate with any other host, and connections should be initiated
from either side. Hosts should be authenticated using an X.509 cert
signed by a single private CA. Some of the hosts may be down at times.
I have seen several reports on the net which suggest it is possible, but
I found no working example. Basically, I would think that I have to set
both left and right to "%any" in ipsec.conf, but how do I identify who's
left and who's right in this case? Where do I put the host's own
certificate? If I specify the cert as leftcert on all hosts, all hosts
think they are left, which will not work, right?
Is "opportunistic encryption" the right path here?
Sorry if I am overlooking something very simple here.
Thanks,
Andreas