Tunneling issues

Mike Tancsa mike at sentex.net
Fri Jul 4 01:55:50 UTC 2008

At 03:15 PM 7/3/2008, zaphod at fsklaw.com wrote:
>I have a real poser, and I can't solve it.
>Currently I have an ipsec vpn tunneling 14 servers through a central server.
>I would like to restructure this so that each server talks to each other
>directly, rather than passing everything through a single server.
>However, on every other machine I cannot get a second tunnel to come up.
>Not a gre or gif tunnel.  And yet I have 14 on the central machine.

You would need a lot of policies on each of the boxes (14) but there 
is no reason it should not work.  Does each of the sites have a unique
subnet?  Do they have static IP addresses?

An easier solution might be to use something like OpenVPN which 
allows all the boxes to auth and route through a single server, but 
they can also talk to each other with a single config option.
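
To make the "lot of policies" point concrete, here is an added example (not part of the original post) that generates the setkey(8) SPD entries one host needs in a full mesh and refuses to proceed if two sites share or overlap a subnet. The site names, addresses and ESP tunnel-mode policy form are assumptions constructed for illustration; key exchange (racoon or manual SAs) is not covered.

```python
import ipaddress
from itertools import combinations

# Constructed sample sites: name -> (static public IP, LAN subnet).
# The thread gives no addresses; these use documentation/private ranges.
SITES = {
    "site-a": ("192.0.2.1", "10.0.1.0/24"),
    "site-b": ("192.0.2.2", "10.0.2.0/24"),
    "site-c": ("192.0.2.3", "10.0.3.0/24"),
}

def overlapping_subnets(sites):
    """Return pairs of site names whose LAN subnets overlap."""
    nets = {name: ipaddress.ip_network(lan) for name, (_, lan) in sites.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

def mesh_policies(local, sites):
    """Build setkey(8) spdadd lines for one host: an out/in pair per remote site."""
    clashes = overlapping_subnets(sites)
    if clashes:
        # Overlapping selectors would make policy matching ambiguous.
        raise ValueError(f"overlapping subnets: {clashes}")
    my_ip, my_lan = sites[local]
    lines = ["spdflush;"]
    for peer in sorted(sites):
        if peer == local:
            continue
        peer_ip, peer_lan = sites[peer]
        lines.append(f"spdadd {my_lan} {peer_lan} any -P out ipsec "
                     f"esp/tunnel/{my_ip}-{peer_ip}/require;")
        lines.append(f"spdadd {peer_lan} {my_lan} any -P in ipsec "
                     f"esp/tunnel/{peer_ip}-{my_ip}/require;")
    return lines

if __name__ == "__main__":
    print("\n".join(mesh_policies("site-a", SITES)))
```

With 14 sites each host ends up with 13 peers and therefore 26 policy lines, which is the per-box overhead the reply refers to.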


More information about the freebsd-net mailing list