In order to have fine grained control over the IPsec traffic in our distributed network of host-to-host ipsec connections we would like to create a ACLs-like system.
For example all servers should be able to talk to infrastructure hosts (like DNS or backup servers). Only the other storage servers and the few specialized servers accessing the storage system should be able to initiate connections to storage servers. Only the server distributing the search index and the few servers quering the search system should be able to initiate connections to search servers. The monitoring servers should be able to initiate connections to all servers. How could i represent such a system with different types of server certificates (one type per server class) and strongswan configuration? /andreas _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users