-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Rainer,
I think I heard that you can have opportunistic encryption using auto=start and right=someSubnet/CIDR. But I think that's not very resistant against an attacker, hence I didn't come up with it right away. Regards, Noel GPG Key id: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 Am 20.06.2014 06:49, schrieb Rainer Klute: > I have a working configuration now, but having to have a connection for > each communication partner is a nuisance. > > With StrongSwan 4 it was possible to configure something like "accept > whatever the partner is as long as he can provide a certificate signed > by a certification authority I trust." This doesn't work in StrongSwan 5 > anymore. Or at least I couldn't get it working. > > > > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJTo9RBAAoJEDg5KY9j7GZYy9cP/2LI621vsXGI8eRp/GNzPnlH aGID52bHKRmysPlp6ccDuHAEiwqsqVNnNrRd4CeJ9oR5uOASjGTf2SJ1Wy4DsjFd Zb4Nbt0z8T6p6aQ5tQu5rzaJSlw0Tqa4WSU9Lx9npafmtuVs4m4HplDKXaBumfol QgzNF823+3NNUdb56BLLkKXFrBOlUsa/Ra2BNlP3p7yy+naA0F+oyDKcN0UVwCol xgrXHKyKu5Ra71yzd/04Verc0Emq4W9TOGr9oR3izDekoYgzCYl+jBHQo6mHfh9n b6YQIReTBPncS8nOdCcsgHRkX1K0NFsyZjg4YmDApYQ5JfBu+4iyoTkeCb52rN2u Du3K9HloPUJMHElWUU7AlQ/6ysFGJIOxZrT7ifi2ZtipLawSkm4iqcfuvTTi9fXn c2elZEwogMh/BjcSURUXs1WhUWYFkg3i/XILxO/bN/Vk0o5lhWPjul70myovKYVs xLcjjQgaIKW/Ee/yrGAaq7Ye1xZ1Ie9qt84JaYa6/ULD/SImwUdgpjM+rjjVTSZ9 96OqUkWFMcRRJEgTJtkbotOz9q/kZRnCx4nvRE9B74iqBs1V8X1MvHqYmbT4d04l 6cNy0lr7hxGnfi30AqvX4UTKoTvMXPI69SWXHty9T3egRDA0kW7RhB7UQt6dtZrE rcD0qm8QB6V+wxxY6Uw4 =0wdz -----END PGP SIGNATURE----- _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
