IPsec on LAN?
I'm a student in IT high school education (4 degrees) and I have a security project.
I have to encrypt IPv6 communications in my school. All information circulating in my network must be encrypted.
At the beginning, I used RACOON but it's very capricious, so I turned to its opponent: OPENSWAN.
With it, I can encrypt, with PSK (pre-shared key), the communications between two or more computers, but I have to declare the others' addresses on every computer. I have more than a thousand computers in the LAN, so I can't use this solution.
Every example found on the web explains how to encrypt a VPN (Virtual Private Network), but I only want to encrypt a LAN (Local Area Network). I ask myself whether this solution is possible.
Sorry for my approximate English, but I really need your help,
Thank you for your intention
I see the following solution:
1. Leave LAN IPv4 traffic unencrypted.
2. Set up a dedicated OpenVPN server in "server" mode (for multi-client server capability) with a shared public encryption key.
3. Create an OpenVPN IPv6 (or IPv4) encrypted network over the unencrypted LAN IPv4 network.
I think you're after opportunistic encryption.
It uses public key encryption and a DNS server to pass out the public keys and reduce the configuration effort.
Best of all, it's part of openswan so you are already part way there.
Let us know how you get on,