by tamalsaha001 3408 days ago
We use strongSwan to secure host-to-host connections using a pre-shared key when setting up Kubernetes clusters in simple VPS providers like DigitalOcean. This is important since DO, Linode, etc. do not provide a private network. Flannel works with it transparently to provide a Kubernetes-aware IP network.

You can see our work here: https://github.com/appscode/swanc

2 comments

Containerization is cool; however, if you use a policy-based VPN, how do you address the use case with more than 1 strongSwan instance (container) running on the same host, obviously sharing the same host Linux kernel?
That's pretty cool. I've considered doing things like that to set up a secure overlay network to lock down a 'sort of' private L2 network.

Any reason you didn't use Weave?

I have never tried Weave. But strongSwan sets up a host-to-host tunnel using IKEv2. So, it should probably work with Weave. If you find problems, please let me know in GitHub issues.
Ah... Weave has built-in encryption, so you would probably use that by itself.