[Openswan Users] Transport mode on a home LAN
Paul Wouters
paul at xelerance.com
Sat Nov 20 18:38:50 EST 2010
On Sat, 20 Nov 2010, Jack Byer wrote:
> I have a home LAN with three machines: hydrogen (router), carbon (file
> server) and boron (main desktop). I'd like to force these machines to
> encrypt all traffic on the local network (192.168.1.0/24 and
> 2001:1938:155::/64). What is the best way to accomplish this? I tried
> setting up connections based on the linux-to-linux example but was
> unable to make this work.
This should work, and is currently your best solution.
> Should I use certificates instead
Start with PSK, you can always migrate to certs later if you feel that's better.
> a local DNS server and put the keys in TXT records to use OE?
I would not yet use OE. We haven't tested it properly in a while, and there are
various things happening at the IETF right now involving successor methods to
our original OE proposal.
Paul
More information about the Users
mailing list