Hi Yaron,

> I would like to define the policy so that I don't have to touch all
> existing servers when I add a new one to the group.

You can define a connection with rightid=%any or use a wildcard identity. For a responder configuration, using right=%any allows you to accept any initiator that has a valid certificate.

> In other words, a generic policy for all potential peers (taken from
> a certain subnet).

Initiating a transport mode SA without an explicit configuration, at least on the initiator, is not possible. We could dynamically create a configuration based on a triggering packet, but we currently don't support such a feature.

> Is %group still supported for IKEv1? Is there a
> way to get similar functionality in Charon?

I've never used it, don't know if it still works. Charon does not know that keyword.

Regards
Martin
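
The responder-side options named in the reply above, written out as an ipsec.conf sketch. This is an added example, not part of the original message and not the strongSwan project's own configuration; the conn names, the certificate file name and every DN value are constructed placeholders, and IKEv2 with certificate authentication is assumed.

```conf
# /etc/ipsec.conf on each server in the group (responder side).
# Added illustration: conn names, serverCert.pem and the DN values
# below are constructed placeholders, not values from the thread.

conn %default
    keyexchange=ikev2
    type=transport
    leftcert=serverCert.pem
    auto=add

# Option A: any peer address and any identity.
# Every holder of a certificate that chains to a CA this host trusts
# is accepted, so the trusted CA set is the only access control.
conn any-valid-cert
    right=%any
    rightid=%any

# Option B: any peer address, but the identity must match a wildcard DN.
# Only certificates issued with this O/OU are accepted; adding a server
# to the group means issuing it a matching certificate, with no change
# to this file on the existing servers.
# Keep only one of the two conns in a real configuration.
conn server-group
    right=%any
    rightid="C=XX, O=Example Org, OU=Server Group, CN=*"
```

Both conns use auto=add, so they only answer incoming negotiations; as the reply states, each initiator still needs its own explicit configuration for the peer it connects to.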
