From: Eric Anderson (andersoncenttech.com)
Date: Fri Oct 05 2001 - 08:15:07 CDT

    I have something almost identical running right now (using the NET4501's on www.soekris.com). It works great, and I
    have built my own "VPN distro" with FreeBSD, to automate almost anything, and make it simple to admin (I have about 12
    running now, with 20-30 more creeping in as fast as I can build 'em).

    Eric

    tariq_rashidlineone.net wrote:
    >
    > Good afternoon all!
    >
    > Is the following theoretically possible?
    >
    > Star topology VPN:
    >
    > subnet--GW-----         ------GW--subnet
    >               |         |
    >               |         |
    >               |         |
    >                   VPN
    > subnet--GW-----  "hub"  ------GW--subnet
    >               |         |
    >               |         |
    >               |         |
    > subnet--GW-----         ------GW--subnet
    >
    > that is, each remote site ipsec gateway (freebsd 4.4R running isakmpd, not racoon due to dynamic
    > IP allocation) only has a tunnel to the central hub.
    >
    > the essential point is that once the traffic from a protected subnet emerges at the VPN "hub" the routing
    > tables of this hub then determine the next ipsec gateway hop and the packets are then re-encrypted and sent
    > through the next tunnel.
    >
    > this way, only the central vpn hub needs to have its routing tables maintained. (i realise that if the hub
    > goes down the whole vpn goes down!)
    >
    > the usual method requires each vpn gateway to be configured with knowledge of every other gateway and subnet.
    > thus not very scalable.
    >
    > am i right or sorely mistaken?...
    >
    > any ideas or experiences would be appreciated!
    >
    > tariq
    >
    > To Unsubscribe: send mail to majordomoFreeBSD.org
    > with "unsubscribe freebsd-security" in the body of the message

    -- 
    -------------------------------------------------------------
    Eric Anderson	 andersoncenttech.com    Centaur Technology
    # rm -rf  /bin/laden
    -------------------------------------------------------------
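
The star layout asked about above, modelled as an added example (not code from either poster): it builds the tunnel selectors each gateway would hold in a full mesh and in a hub-and-spoke design, traces a packet through the hub, and lists which gateways must be reconfigured when a site is added. The site names, the 10.0.0.0/8 supernet and the /16 subnets are constructed assumptions, and the star only behaves this way if every spoke's selector covers the whole supernet.

```python
import ipaddress as ip

# Constructed sample data (assumption): six sites inside one supernet.
SUPERNET = ip.ip_network("10.0.0.0/8")
SITES = {f"site{i}": ip.ip_network(f"10.{i}.0.0/16") for i in range(1, 7)}

def mesh_policies(sites):
    """Full mesh: every gateway holds one (local, peer, remote) selector per other site."""
    return {gw: [(net, peer, rnet) for peer, rnet in sites.items() if peer != gw]
            for gw, net in sites.items()}

def star_policies(sites, supernet):
    """Star: each spoke has one selector (local -> supernet via hub);
    the hub holds one selector per spoke (supernet -> spoke subnet)."""
    pol = {gw: [(net, "hub", supernet)] for gw, net in sites.items()}
    pol["hub"] = [(supernet, gw, net) for gw, net in sites.items()]
    return pol

def next_tunnel(policies, src, dst):
    """Most specific selector matching src/dst; None means no tunnel applies."""
    hits = [p for p in policies if src in p[0] and dst in p[2]]
    return max(hits, key=lambda p: p[2].prefixlen)[1] if hits else None

def star_path(pol, sites, src, dst):
    """Gateways a packet crosses in the star; a trailing None marks a drop."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    gw = next(g for g, n in sites.items() if src in n)
    path = [gw]
    while gw == "hub" or dst not in sites[gw]:
        gw = next_tunnel(pol[gw], src, dst)
        path.append(gw)
        if gw is None:
            break
    return path

def changed_gateways(before, after):
    """Gateways whose selector list differs after a topology change."""
    return sorted(g for g in after if before.get(g) != after[g])

if __name__ == "__main__":
    bigger = dict(SITES, site7=ip.ip_network("10.7.0.0/16"))
    print(star_path(star_policies(SITES, SUPERNET), SITES, "10.1.0.5", "10.4.2.9"))
    print("mesh touches:", changed_gateways(mesh_policies(SITES), mesh_policies(bigger)))
    print("star touches:", changed_gateways(star_policies(SITES, SUPERNET),
                                            star_policies(bigger, SUPERNET)))
```

The hub decrypts and re-encrypts every inter-site packet, so in this design it sees all cross-site traffic in the clear as well as being the single point of failure the question mentions.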
    
