[Openswan Users] Hub and Spoke

Paul Wouters paul at xelerance.com
Thu Jun 3 13:45:36 CEST 2004


On Wed, 2 Jun 2004, Trevor Benson wrote:

> Paul,
> 
>    I have been thinking this over and something is perplexing me.  Below
> A, B, C, D, E, F all want to pass traffic through G the hub.  How many
> site to site connections would this require?  From your explanation it
> sounds like about 12 VPN connections would be required on the hub, and
> each spoke would require 2 VPN connections to the hub to alternate the
> left and right subnets for traffic passing?  
> 
>    A  B  C
>     \ | /
>       G
>     / | \
>    D  E  F

If you would make seperate tunnels for everything, you'd need 13.
But if you make tunnels for each node from 10.0.X.0/24 to 10.0.0.0/8 you
should probably be able to do it with one per node. Though this needs to
be verified.

Worst case, one IPsec tunnel with GRE tunnels inside could help you.

Paul


More information about the Users mailing list