On 18.06.2014 12:41, Noel Kuntze wrote:
> Yes, this is possible.
> Look at those scenarios: [1] and [2].
>
> [1] http://www.strongswan.org/uml/testresults/ikev2/host2host-cert/
> [2] http://www.strongswan.org/uml/testresults/ikev2/host2host-transport/

Thanks, Noel! However, this would require configuring a connection for each host-to-host pair, i.e. O(n²) connections for n authenticated hosts. Wouldn't it be great if there were a simpler way, i.e. something like

    left = 192.168.1.0/24
    leftca = "C=DE, O=My Organisation, CN=My Certification Authority"
    leftcert = my-cert.pem
    right = 192.168.1.0/24
    rightca = %same

in each station's ipsec.conf and with only my-cert.pem (and my-key.pem) being station-specific?

--
Best regards
Rainer Klute
