[strongSwan] One to Many VPN (Host-Host)
Info
infosec at quantum-equities.com
Mon Mar 19 19:22:46 CET 2018
On 03/19/2018 10:47 AM, Tobias Brunner wrote:
> Hi,
>
>> I'm looking to VPN every machine in a LAN. I infer that this would be
>> something like a host-to-host config.
> Did you have a look at the trap-any scenario?
Yes this was one of my many attempts over the past month and a half.
But I found that this locked out all but members of the VPN, including
printers, Zwave hubs, etc, which can not do IPSec. With no further info
nor help I gave up. Anyway, I'm trying to do swanctl.
I didn't want passthrough because the idea was to encrypt all in-transit
traffic possible to defeat malefactors already inside, who may be
mirroring switch ports.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180319/a13f29da/attachment.html>
More information about the Users
mailing list