I have a working configuration now, but having to have a connection for each communication partner is a nuisance.
With StrongSwan 4 it was possible to configure something like "accept whatever the partner is as long as he can provide a certificate signed by a certification authority I trust." This doesn't work in StrongSwan 5 anymore. Or at least I couldn't get it working. -- Best regards Rainer Klute On 18.06.2014 13:12, Noel Kuntze wrote: > Yes, that would be great indeed, but judging from the description of "left", > that isn't supported yet. > From the manpage of ipsec.conf about "left": > > "[...] To limit the connection to a specific range of hosts, a range ( > 10.1.0.0-10.2.255.255 ) or a subnet ( 10.1.0.0/16 ) can be specified, and > multiple addresses, ranges and > subnets can be separated by commas. While one can freely combine these items, > to initiate the connection at least one non-range/subnet is required."
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
