From owner-freebsd-net@FreeBSD.ORG Wed Jul 9 15:22:34 2008
Date: Wed, 9 Jul 2008 08:21:06 -0700 (PDT)
From: zaphod@fsklaw.com
To: "Mike Tancsa", freebsd-net@freebsd.org
Subject: Re: Tunneling issues
Message-ID: <7904ac587e71a42fb86c2bbe77bde0ae.squirrel@cor>
In-Reply-To: <200807040155.m641tl8s000607@lava.sentex.ca>
References: <8f7879db41dbaecc479a017110e8f32f.squirrel@cor> <200807040155.m641tl8s000607@lava.sentex.ca>
List-Id: Networking and TCP/IP with FreeBSD

> At 03:15 PM 7/3/2008, zaphod@fsklaw.com wrote:
>> I have a real poser, and I can't solve it.
>>
>> Currently I have an ipsec vpn tunneling 14 servers through a central
>> server.
>>
>> I would like to restructure this so that each server talks to each other
>> directly, rather than passing everything through a single server.
>>
>> However, on every other machine I cannot get a second tunnel to come up.
>> Not a gre or gif tunnel. And yet I have 14 on the central machine.
>
> You would need a lot of policies on each of the boxes (14) but there
> is no reason it should not work. Do each of the sites have a unique
> subnet? Do they have static IP addresses?
>
> An easier solution might be to use something like OpenVPN which
> allows all the boxes to auth and route through a single server, but
> they can also talk to each other with a single config option.
>
> ---Mike

Mike, thanks for the response. I agree it should work. But it's not. With
respect to the next two questions, yes and yes.

I'm not a huge fan of OpenVPN, but the bigger issue is that the gif tunnels
come up at boot up. As well as routes. Given the client-server nature of
OpenVPN it is suitable, because if a server reboots, I'm not certain a
client would auto re-connect. But I have done no testing. And if I can't
resolve this I may have to.

Cheers,
Zaphod