Date: Fri, 05 Oct 2001 12:23:38 +0100
From: tariq_rashid@lineone.net
To: freebsd-security@freebsd.org
Subject: star topology "hub" ipsec vpn / routing?
Message-ID: <E15pT4s-0009hQ-00@mk-smarthost-1.mail.uk.worldonline.com>
Good afternoon all!

Is the following theoretically possible?

Star topology VPN:

    subnet--GW-----               ------GW--subnet
                  |               |
                  |      VPN      |
    subnet--GW----- ----"hub"---- ------GW--subnet
                  |               |
                  |               |
    subnet--GW-----               ------GW--subnet

That is, each remote site ipsec gateway (freebsd 4.4R running isakmpd, not racoon, due to dynamic IP allocation) only has a tunnel to the central hub.

The essential point is that once the traffic from a protected subnet emerges at the VPN "hub", the routing tables of this hub then determine the next ipsec gateway hop, and the packets are then re-encrypted and sent through the next tunnel. This way, only the central vpn hub needs to have its routing tables maintained. (I realise that if the hub goes down the whole vpn goes down!)

The usual method requires each vpn gateway to be configured with knowledge of every other gateway and subnet, thus not very scalable.

Am I right or sorely mistaken?... Any ideas or experiences would be appreciated!

tariq
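To make the scaling argument in the question concrete, here is an added example (not from the original mail, and not isakmpd's own configuration) that generates KAME setkey SPD entries for the two topologies being compared. Site names, subnets and gateway addresses are constructed placeholders, and it assumes every gateway address is known statically, which the dynamic-IP spokes in the question would not satisfy.

```python
# Added example: generate setkey(8) SPD policy lines for a full-mesh VPN versus
# the hub-and-spoke layout described in the mail, so the per-gateway policy
# counts can be compared.  All addresses below are constructed placeholders.

# constructed sample: site name -> (protected subnet, gateway public address)
SITES = {
    "hub":   ("10.0.0.0/24", "192.0.2.1"),
    "siteA": ("10.1.0.0/24", "198.51.100.10"),
    "siteB": ("10.2.0.0/24", "198.51.100.20"),
    "siteC": ("10.3.0.0/24", "198.51.100.30"),
}


def tunnel_policies(src_net, dst_net, src_gw, dst_gw):
    """Outbound and matching inbound SPD entries, as seen from gateway src_gw,
    for traffic between src_net and dst_net carried in an ESP tunnel."""
    return [
        f"spdadd {src_net} {dst_net} any -P out ipsec esp/tunnel/{src_gw}-{dst_gw}/require;",
        f"spdadd {dst_net} {src_net} any -P in ipsec esp/tunnel/{dst_gw}-{src_gw}/require;",
    ]


def full_mesh(site, sites=SITES):
    """Policies one gateway needs when every site has a direct tunnel to every
    other site: two entries per peer, and every gateway must know every peer."""
    net, gw = sites[site]
    policies = []
    for other, (other_net, other_gw) in sites.items():
        if other != site:
            policies += tunnel_policies(net, other_net, gw, other_gw)
    return policies


def spoke(site, hub="hub", sites=SITES):
    """A spoke only knows the hub: everything leaving its subnet goes into the
    hub tunnel, regardless of which remote subnet it is destined for."""
    net, gw = sites[site]
    _, hub_gw = sites[hub]
    return tunnel_policies(net, "0.0.0.0/0", gw, hub_gw)


def hub_policies(hub="hub", sites=SITES):
    """The hub keeps one tunnel per spoke, selected by destination subnet.  A
    packet decapsulated from spoke A's tunnel and addressed to spoke B's subnet
    matches B's 'out' entry and is re-encrypted into B's tunnel, so only the
    hub's policy table has to change when a site is added."""
    _, hub_gw = sites[hub]
    policies = []
    for site, (net, gw) in sites.items():
        if site != hub:
            policies += tunnel_policies("0.0.0.0/0", net, hub_gw, gw)
    return policies
```

With four sites, a full mesh needs six entries on every gateway (24 in total), while hub-and-spoke needs two per spoke and six on the hub (12 in total); adding a fifth site touches every mesh gateway but only the new spoke and the hub.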