Date: Fri, 05 Oct 2001 12:23:38 +0100 From: tariq_rashid@lineone.net To: freebsd-security@freebsd.org Subject: start topology "hub" ipsec vpn / routing? Message-ID: <E15pT4s-0009hQ-00@mk-smarthost-1.mail.uk.worldonline.com>
next in thread | raw e-mail | index | archive | help
Good afternoon all!
Is the following theoretically possible?
Star topology VPN:
subnet--GW----- ------GW--subnet
| |
| |
| |
VPN
subnet--GW----- "hub" ------GW--subnet
| |
| |
| |
subnet--GW----- ------GW--subnet
that is, each remote site ipsec gateway (freebsd 4.4R running isakmpd, not racoon due to dynamic
IP allocation) only has a tunnel to the central hub.
the esential point is that once the traffic from a protected subnet emerges at the VPN "hub" the routing
tables of this hub then determine wthe next ipsec gateway hop and the packets are then re-encrypted and sent
throug the next tunnel.
this way, only the central vpn hub needs to have its routing tables maintained. (i realise that if teh hub
goes down the whol evpn goes down!)
the usual method requires each vpn gatway to be configured with knowledge of every other gateway and subnet.
thus not very scaleable.
am i right or sorely mistaken?...
any ideas or experiences would be appreciated!
tariq
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E15pT4s-0009hQ-00>