[strongSwan] One to Many VPN (Host-Host)

Info infosec at quantum-equities.com
Mon Mar 19 19:22:46 CET 2018


On 03/19/2018 10:47 AM, Tobias Brunner wrote:
> Hi,
>
>> I'm looking to VPN every machine in a LAN.  I infer that this would be
>> something like a host-to-host config.
> Did you have a look at the trap-any scenario?
Yes, this was one of my many attempts over the past month and a half.
But I found that this locked out all but members of the VPN, including
printers, Z-Wave hubs, etc., which cannot do IPsec. With no further info
or help, I gave up. Anyway, I'm trying to do swanctl.

I didn't want passthrough because the idea was to encrypt all in-transit
traffic possible to defeat malefactors already inside, who may be
mirroring switch ports.


