On 12/4/07, Tony Sarendal <[EMAIL PROTECTED]> wrote:
>
> On 12/4/07, John Rodenbiker <[EMAIL PROTECTED]> wrote:
> >
> > On Dec 4, 2007, at 12:14 AM, visc wrote:
> > > So, my question is this - what are the current best practices for
> > > setting up a hub and spoke topology using OpenBSD, allowing for
> > > traffic to securely flow from Branch to Branch on occasion without
> > > using a full mesh topology. If it's at all possible... (network
> > > description below)
> >
> > At this point IMHO branch-to-branch is avoided not for security
> > reasons but for administrative reasons.
> >
> > It is a pain in the ass to configure each branch to establish a VPN to
> > any other branch. It's easy to tell each branch router "if you want to
> > talk to BRANCHX, talk to CENTRALOFFICE first".
>
> GRE/IPIP inside IPsec and dynamic routing.
>

Or just a management tool to create configs and push it out.

/Tony
> /Again