Ah, and one server could be in several classes of machines (e.g. search and storage).

On Thu, May 13, 2010 at 1:09 AM, Andreas Schuldei <[email protected]> wrote:
> In order to have fine grained control over the IPsec traffic in our
> distributed network of host-to-host ipsec connections we would like to
> create an ACL-like system.
>
> For example all servers should be able to talk to infrastructure hosts
> (like DNS or backup servers).
>
> Only the other storage servers and the few specialized servers
> accessing the storage system should be able to initiate connections to
> storage servers.
>
> Only the server distributing the search index and the few servers
> querying the search system should be able to initiate connections to
> search servers.
>
> The monitoring servers should be able to initiate connections to all servers.
>
> How could I represent such a system with different types of server
> certificates (one type per server class) and strongswan configuration?
>
> /andreas
>
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
