> At 03:15 PM 7/3/2008, [EMAIL PROTECTED] wrote:
>>I have a real poser, and I can't solve it.
>>
>>Currently I have an ipsec vpn tunneling 14 servers through a central
>>server.
>>
>>I would like to restructure this so that each server talks to each other
>>directly, rather than passing everything through a single server.
>>
>>However, on every other machine I cannot get a second tunnel to come up.
>>Not a gre or gif tunnel. And yet I have 14 on the central machine.
>
> You would need a lot of policies on each of the boxes (14) but there
> is no reason it should not work. Do each of the sites have a unique
> subnet? Do they have static IP addresses?
>
> An easier solution might be to use something like OpenVPN which
> allows all the boxes to auth and route through a single server, but
> they can also talk to each other with a single config option.
>
> ---Mike

Mike, thanks for the response.

I agree it should work. But it's not.

With respect to the next two questions, yes and yes.

I'm not a huge fan of OpenVPN, but the bigger issue is that the gif tunnels come up at boot up. As well as routes. Given the client-server nature of OpenVPN it is suitable, because if a server reboots, I'm not certain a client would auto re-connect. But I have done no testing. And if I can't resolve this I may have to.

Cheers,
Zaphod

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"