Date: Wed, 9 Jul 2008 08:21:06 -0700 (PDT)
From: zaphod@fsklaw.com
To: "Mike Tancsa" <mike@sentex.net>, freebsd-net@freebsd.org
Subject: Re: Tunneling issues
Message-ID: <7904ac587e71a42fb86c2bbe77bde0ae.squirrel@cor>
In-Reply-To: <200807040155.m641tl8s000607@lava.sentex.ca>
References: <8f7879db41dbaecc479a017110e8f32f.squirrel@cor> <200807040155.m641tl8s000607@lava.sentex.ca>

> At 03:15 PM 7/3/2008, zaphod@fsklaw.com wrote:
>>I have a real poser, and I can't solve it.
>>
>>Currently I have an ipsec vpn tunneling 14 servers through a central
>>server.
>>
>>I would like to restructure this so that each server talks to each other
>>directly, rather than passing everything through a single server.
>>
>>However, on every other machine I cannot get a second tunnel to come up.
>>Not a gre or gif tunnel. And yet I have 14 on the central machine.
>
> You would need a lot of policies on each of the boxes (14) but there
> is no reason it should not work. Do each of the sites have a unique
> subnet ? Do they have static IP addresses ?
>
>
> An easier solution might be to use something like OpenVPN which
> allows all the boxes to auth and route through a single server, but
> they can also talk to each other with a single config option.
>
>          ---Mike

Mike, thanks for the response.

I agree it should work. But it's not.

With respect to the next two questions, yes and yes.

I'm not a huge fan of OpenVPN, but the bigger issue is that the gif tunnels come up at boot up. As well as routes. Given the client server nature of OpenVPN it is suitable, because if a server reboots, I'm not certain a client would auto re-connect. But I have done no testing. And if I can't resolve this I may have to.

Cheers,
Zaphod