Having a typical host-to-host transport mode IPsec configuration,
conn appserver01-to-swift01
    [email protected]
    left=10.133.176.246
    leftrsasigkey=xxxxxxxxxxxxxxxxxxxxxxxx
    [email protected]
    right=10.133.176.111
    authby=rsasig
    rightrsasigkey=xxxxxxxxxxxxxxxxxxxxxxx
    # load and initiate automatically
    auto=start
Is there a way to make this a many-to-one or many-to-many connection? I have multiple hosts on the same LAN and I was using this to get encrypted traffic between the two hosts. If I add more hosts, will I need to add more host-to-host connections, or is it possible to do:
conn mytunnel
    left=192.168.56.120
    leftcert=leftcert.pem
    right=%any
    rightrsasigkey=%cert
    rightca="C=KE, O=Mycompany, OU=mydepartment, CN=*"
    auto=add
using certificate authentication? I tried something like this, but right says:
We cannot identify ourselves with either end of this connection.
and left says:
cannot initiate connection without knowing peer IP address
From some documentation I saw (see right=%any), I thought it was possible, but after trying and failing I'm thinking it's not possible (redhat). So, is it possible to have a single configuration accept any client that presents a valid X.509 certificate regardless of its IP address? All addresses are private and all machines are pretty much equivalent.
A similar question has been asked before on some mailing list, but I could not find any public reply to it (https://lists.openswan.org/pipermail/users/2015-March/023294.html).
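A many-to-one layout of this kind, written here as an added example in Openswan/Libreswan ipsec.conf syntax (it is not from the post above or from the mailing-list thread it links to). The addresses are taken from the question; the certificate names, the CA distinguished name and the connection names are assumptions, and the example assumes one hub host that only responds while every other host initiates towards it.

```conf
# Hub (responder) side, e.g. on 10.133.176.111: a single conn that accepts
# any peer presenting a certificate issued by the same CA as our own.
conn lan-certs-hub
    type=transport
    authby=rsasig
    left=10.133.176.111       # must be an address of THIS host, or pluto
                              # cannot tell which end of the conn it is
    leftcert=hub.pem          # assumed: this host's certificate (Openswan: file
                              # name; Libreswan: NSS nickname)
    leftid=%fromcert          # take our ID from the certificate's subject DN
    leftsendcert=always
    right=%any                # peer address is learned when the peer connects
    rightrsasigkey=%cert      # peer authenticates with the cert it presents
    rightid=%fromcert         # peer ID is whatever its certificate's DN says
    rightca=%same             # accept only certs signed by the CA that signed ours
    auto=add                  # load only; a conn with right=%any cannot initiate,
                              # which is what "cannot initiate connection without
                              # knowing peer IP address" reports under auto=start

# Spoke (initiator) side, identical on every other LAN host: it knows the hub's
# address, so it may use auto=start.
conn lan-certs-to-hub
    type=transport
    authby=rsasig
    left=%defaultroute        # this host's own address, whatever it is
    leftcert=spoke.pem        # assumed: this host's own certificate
    leftid=%fromcert
    leftsendcert=always
    right=10.133.176.111      # the hub
    rightid=%fromcert         # accept the hub's DN as read from its certificate
    rightca=%same
    auto=start
```

Spoke-to-spoke traffic is not covered by this pair of conns: with right=%any a host can only respond, so a full mesh still needs one initiating conn per peer on each host.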