I would like to propose a way to set up IPSec in transport mode between all our machines, because:

- we can ;)
- it makes sure that communication between our boxes is authenticated and encrypted (I haven't reviewed the TLS settings for everything, and that would be a daunting task...)
- it hides some communication metadata (protocol & port).

However, managing a full mesh by hand is not going to be fun, so we should have a playbook that:

- fetches the IPSec pubkeys, and makes the server generate keys if needed;
- sends the pubkeys to all servers (or as a hash in the config?);
- generates the StrongSwan config from a template;
- reloads.
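The config-generation step of the proposal above, as an added Python example that is not part of the original issue or the project's code. It assumes strongSwan's `ipsec.conf` format with public keys referenced by file path; the host names, addresses and key paths are constructed.

```python
# Added example: full-mesh strongSwan ipsec.conf rendering (transport mode).
# Host names, addresses and key paths are constructed for illustration.
INVENTORY = {
    "alpha": {"addr": "192.0.2.10", "pubkey": "/etc/ipsec.d/mesh/alpha.pub.pem"},
    "beta": {"addr": "192.0.2.11", "pubkey": "/etc/ipsec.d/mesh/beta.pub.pem"},
    "gamma": {"addr": "192.0.2.12", "pubkey": None},  # key not generated yet
}

# auto=route installs trap policies, so the first packet to a peer triggers IKE.
CONN_TEMPLATE = """conn mesh-{peer}
    keyexchange=ikev2
    type=transport
    authby=pubkey
    left={local_addr}
    leftsigkey={local_key}
    right={peer_addr}
    rightsigkey={peer_key}
    auto=route
"""


def hosts_missing_keys(inventory):
    """Hosts that still need a key pair generated (first playbook step)."""
    return sorted(name for name, host in inventory.items() if not host.get("pubkey"))


def render_host_config(local, inventory):
    """Return the conn sections for `local`: one per other host in the mesh."""
    missing = hosts_missing_keys(inventory)
    if missing:
        # Refuse to render a partial mesh: traffic to a skipped peer would
        # match no policy and keep flowing unprotected.
        raise ValueError("no public key for: " + ", ".join(missing))
    me = inventory[local]
    sections = []
    for peer in sorted(inventory):
        if peer == local:
            continue
        other = inventory[peer]
        sections.append(CONN_TEMPLATE.format(
            peer=peer, local_addr=me["addr"], local_key=me["pubkey"],
            peer_addr=other["addr"], peer_key=other["pubkey"]))
    return "\n".join(sections)


if __name__ == "__main__":
    print("needs keys:", hosts_missing_keys(INVENTORY))
    complete = dict(INVENTORY, gamma={"addr": "192.0.2.12",
                                      "pubkey": "/etc/ipsec.d/mesh/gamma.pub.pem"})
    print(render_host_config("alpha", complete))
```

Each host gets one `conn` per peer, so an inventory of n machines yields n-1 sections per rendered file.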