hi! i would like to inititate my SAa "just in time", meaning that they should only set up the secure connection when there is real traffic, not ahead of time.
background to that is that i want to do a full mash of host-to-host transports, both within one site in order to get rid of firewalls per site, and between sites, to avoid setting up tunnels between sites. not every host will talk to every other host all the time, but they might need to talk to any given host within the whole setup sooner or later. in order to not having to initiate a connection to every other host at ipsec startup i would like to configure strongswan in a way that it would only set up the secure host-to-host transport when its needed. otherwise i might be DoSing myself when a whole site gets cut off from the net and then later comes back again and a few hundret servers initiate connections to the rest of the network all at once. how can i solve that? /andreas _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
