Tunneling issues
zaphod at fsklaw.com
zaphod at fsklaw.com
Wed Jul 9 15:22:34 UTC 2008
> At 03:15 PM 7/3/2008, zaphod at fsklaw.com wrote:
>>I have a real poser, and I ccan't solve it.
>>
>>Currently I have a ipsec vpn tunneling 14 servers through a central
>> server.
>>
>>I would like to restructure this so that each server talks to each other
>>directly, rather than passing everything through a single server.
>>
>>However, on every other machine I cannot get a second tunnel to come up.
>>Not a gre or gif tunnel. And yet I have 14 on the central machine.
>
> You would need a lot of policies on each of the boxes (14) but there
> is no reason it should not work. Do each of the sites have a unique
> subnet ? Do they have static IP addresses ?
>
>
> An easier solution might be to use something like OpenVPN which
> allows all the boxes to auth and route through a single server, but
> they can also talk to each other with a single config option.
>
> ---Mike
Mike, thanks for the response.
I agree it should work. But it's not. With respect to the next two
questions, yes and yes.
I'm not a huge fan of OpenVPN, but the bigger issue is that the gif
tunnels come up at boot up. As well as routes. Given the client server
nature of OpenVPN it is suitable, because if a server reboots, I'm not
certain a client would auto re-connect. But I have done no testing. And
If I can't reesolve this I may have to.
Cheers,
Zaphod
>
>
>
More information about the freebsd-net
mailing list