Date: Fri, 05 Oct 2001 08:15:07 -0500
From: Eric Anderson <anderson@centtech.com>
To: tariq_rashid@lineone.net
Cc: freebsd-security@freebsd.org
Subject: Re: start topology "hub" ipsec vpn / routing?
Message-ID: <3BBDB25B.FE44ADA3@centtech.com>
References: <E15pT4s-0009hQ-00@mk-smarthost-1.mail.uk.worldonline.com>

I have something almost identical running right now (using the
NET4501's on www.soekris.com). It works great, and I have built my own
"VPN distro" with FreeBSD, to automate almost anything, and make it
simple to admin (I have about 12 running now, with 20-30 more creeping
in as fast as I can build 'em).

Eric

tariq_rashid@lineone.net wrote:
>
> Good afternoon all!
>
> Is the following theoretically possible?
>
> Star topology VPN:
>
> subnet--GW-----         ------GW--subnet
>               |         |
>               |         |
>               |         |
>                  VPN
> subnet--GW-----  "hub"  ------GW--subnet
>               |         |
>               |         |
>               |         |
> subnet--GW-----         ------GW--subnet
>
> that is, each remote site ipsec gateway (freebsd 4.4R running isakmpd, not racoon due to dynamic
> IP allocation) only has a tunnel to the central hub.
>
> the essential point is that once the traffic from a protected subnet emerges at the VPN "hub" the routing
> tables of this hub then determine the next ipsec gateway hop and the packets are then re-encrypted and sent
> through the next tunnel.
>
> this way, only the central vpn hub needs to have its routing tables maintained. (i realise that if the hub
> goes down the whole vpn goes down!)
>
> the usual method requires each vpn gateway to be configured with knowledge of every other gateway and subnet.
> thus not very scalable.
>
> am i right or sorely mistaken?...
>
> any ideas or experiences would be appreciated!
>
> tariq
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--
-------------------------------------------------------------
Eric Anderson    anderson@centtech.com    Centaur Technology
# rm -rf /bin/laden
-------------------------------------------------------------