From owner-freebsd-net@FreeBSD.ORG  Thu Jul  3 19:40:36 2008
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 36A76106568A
	for <freebsd-net@freebsd.org>; Thu,  3 Jul 2008 19:40:36 +0000 (UTC)
	(envelope-from zaphod@fsklaw.com)
Received: from thor-new.fsklaw.com (thor-new.fsklaw.com [64.174.116.34])
	by mx1.freebsd.org (Postfix) with ESMTP id 1AC598FC14
	for <freebsd-net@freebsd.org>; Thu,  3 Jul 2008 19:40:35 +0000 (UTC)
	(envelope-from zaphod@fsklaw.com)
Received: from localhost (localhost [127.0.0.1])
	by thor-new.fsklaw.com (Postfix) with ESMTP id 50D5B166307C
	for <freebsd-net@freebsd.org>; Thu,  3 Jul 2008 12:15:58 -0700 (PDT)
Received: from thor-new.fsklaw.com ([127.0.0.1])
	by localhost (localhost [127.0.0.1]) (amavisd-new,
	port 10024) with ESMTP id 11160-06 for <freebsd-net@freebsd.org>;
	Thu,  3 Jul 2008 12:15:54 -0700 (PDT)
Received: from cor (unknown [192.168.61.119])
	by thor-new.fsklaw.com (Postfix) with ESMTP id DA1071663055
	for <freebsd-net@freebsd.org>; Thu,  3 Jul 2008 12:15:54 -0700 (PDT)
Received: from 192.168.62.153 (SquirrelMail authenticated user zaphod)
	by cor with HTTP; Thu, 3 Jul 2008 12:15:09 -0700 (PDT)
Message-ID: <8f7879db41dbaecc479a017110e8f32f.squirrel@cor>
Date: Thu, 3 Jul 2008 12:15:09 -0700 (PDT)
From: zaphod@fsklaw.com
To: freebsd-net@freebsd.org
User-Agent: SquirrelMail/1.4.15
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-Virus-Scanned: by amavisd-new at fsklaw.com
Subject: Tunneling issues
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Jul 2008 19:40:36 -0000

I have a real poser, and I ccan't solve it.

Currently I have a ipsec vpn tunneling 14 servers through a central server.

Like this:

                       ________________
                       |               |
                       |_______________|
                               |
                               |
                        _________________
                        |                |
                        |________________|
                                |
                                |
                        _________________
                        |                |
                        |________________|

I would like to restructure this so that each server talks to each other
directly, rather than passing everything through a single server.

However, on every other machine I cannot get a second tunnel to come up. 
Not a gre or gif tunnel.  And yet I have 14 on the central machine.

The central machine is FreeBSD5.3, the rest are 6.1 or greater.

I also fear that I won't be able to update the central server, because I
fear not being able to get the tunnels up.

I have been just trying to tunnel.  IPSEC isn't the issue as I'm not
binding an ipsec policy to the tunnel.  I've been googling for days, and
can't find anything on this.  (Can't find anyone creating more than one
tunnel).

Any ideas would be appreciated as I'm totally stumped here.

TIA

Cheers,

Zaphod