[ale] Multi-point VPN

Jeff Hubbs Jhubbs at niit.com
Fri Jun 1 14:51:09 EDT 2001 

Bao -

That does seem to solve my too-many-boxes problem, but there are some issues
that that approach won't get me around.

First, I don't want l1-l3 communications to be throttled by the latency and
speed of n2, nor do I want a failure of n2 to isolate l1, l2, and l3 from
each other.  Second, I'm concerned that these liabilities will grow worse as
n > 3.  For this particular potential project, I can see n as high as 8-10.


Basically, I need an arbitrarily large number of "peer" VPN nodes
("gateways," if you prefer) such that no one node is special.

- Jeff

-----Original Message-----
From: Bao C. Ha [mailto:baoha at sensoria.com]
To: ale at ale.org
Sent: Friday, June 01, 2001 2:37 PM
To: 'Jeff Hubbs'; ale at ale.org
Subject: RE: [ale] Multi-point VPN



It would FreeS/WAN.

You can setup multiple IPSec connections from a FreeS/WAN
machine.  The routing table has to be updated properly so
it knows where to send the packets.

For example, you have three locations: l1, l2, and l3.  Put
one machine at each location: n1, n2, and n3.  Set up IPSec
to connect n1<->n2 and n2<->n3.  Setting up n2 as the IPSec
gateway for the other two: n1 and n3.  n1 and n3 will now 
see each other by tunneling through n2.

Bao

> -----Original Message-----
> From: owner-ale at ale.org [mailto:owner-ale at ale.org]On Behalf Of Jeff
> Hubbs
> Sent: Friday, June 01, 2001 11:11 AM
> To: ale at ale.org
> Subject: [ale] Multi-point VPN
> 
> 
> Setting aside all the high-dollar options, what is the current
> state-of-the-art w.r.t. multipoint VPNs?
> 
> My objective is to establish encrypted tunnels over the 
> Internet such that
> networks in three or more separate locations can be joined, either as
> separate subnets or all together as a single Class B network.
> 
> I have looked at FreeS/WAN, but it's not clear to me that it 
> isn't just
> one-point-to-one-point.  What I don't want do have to do, in 
> order to join
> three locations together, is to place two FreeS/WAN machines 
> in one location
> and one in each of the other two locations.  I'd hate to have 
> to set up 2(n
> - 1) FreeS/WAN machines for n locations.  I'd prefer an 
> arrangement that
> only required one box in each location.
> 
> Does this exist yet?  Can someone throw me a bone here?
> 
> - Jeff
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" 
> in message body.
> 
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.

More information about the Ale mailing list