Hi,

the mutual attestation is done on the hosts the TNC client and TNC server are running on, i.e. the VPN endpoints. But of course, if the attestation is successful, a site-site VPN connection could be set up, connecting subnets located behind the trusted hosts.

net1 --- trusted router 1 == VPN tunnel == trusted router 2 --- net 2
         TNC client                        TNC server

After successful mutual attestation of the routers, you won't know if the hosts in the subnets net1 and net2 are trustworthy, though.

Cheers

Andreas

On 08/04/2015 03:26 AM, Zhuyj wrote:
> Site2site?
>
> Sent from my iPhone
>
>> On Aug 4, 2015, at 1:42, Thomas Strobel <ts...@cam.ac.uk> wrote:
>>
>> Hello everyone,
>>
>> being new to the mailing list, I first want to thank everyone that is or
>> was involved in developing strongswan as an open source project, it's
>> amazing! Thanks!
>>
>> Now my question. I'm thinking of using strongswan to secure P2P networks
>> with mutual TNC remote attestation. Does strongswan support that use
>> case? I mean, is it possible that both sides act as TNC client and
>> server at the same time, and that a connection is only established after
>> both sides verified the integrity of the other side?
>>
>> Many thanks
>> Thomas

======================================================================
Andreas Steffen                         andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users