Well, this was what I meant with my idea of a SuperLAN. But there was no
connection to opportunistic encryption, nor attempt to clear up my questions
and misconceptions. I've made no progress.
The barriers are too high for those of us who are busy with many other things.
-------- Original Message --------
On January 18, 2018 4:48 PM, Kenneth Jackson <kenjack...@live.com> wrote:
> Suppose I have a set of hosts and I want to leverage Paul’s [opportunistic
> encryption](https://events.static.linuxfound.org/sites/events/files/slides/LinuxSecuritySummit-2016-OE-16x9.pdf)
> pattern, but I would prefer to use IPSec transport mode (type=transport)
> instead of tunnel mode so that my IP headers are unaltered.
>
> - Will the pattern still work as described in Paul’s presentation and the
> supporting conf files, etc.?
>
> - What would have to change in the config files?
>
> - There is so little documentation on transport mode – is this a bad path?
>
> FWIW, in the Windows world, Microsoft has been preaching IPSec transport mode
> under the heading “network isolation” for nearly 15 years and they run
> transport mode universally on their internal network:
>
> - https://technet.microsoft.com/en-us/library/cc163159.aspx (2005)
>
> - https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc725770(v=ws.10) (2012)
>
> - https://docs.microsoft.com/en-us/windows/access-protection/windows-firewall/server-isolation-policy-design (2017)
>
> Thanks in advance,
>
> Ken Jackson
_______________________________________________
Swan mailing list
Swan@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan