I'm looking to VPN every machine in a LAN. I infer that this would be something like a host-to-host config.
I'll use swanctl/vici and x509 certs. I can't identify any configurations that seem right for this at https://www.strongswan.org/testing/testresults/swanctl/
Maybe? https://www.strongswan.org/testing/testresults/swanctl/ip-pool/index.html
Also, there is a machine outside on the Internet which I'd like to join the party transparently. It's a mail server, so somehow I'd like its mail traffic to not be VPNed, but everything else to be. I guess this might be a roadwarrior with some kind of split for the mail ports.