[Openswan Users] Hub and Spoke

Trevor Benson tbenson at a-1networks.com
Sat Jun 5 14:34:56 CEST 2004


> I don't think you can do this.  You probably have to split SpokeA into
> 3 stanzas again each with one leftsubnet.

   Are SpokeA, SpokeB, and SpokeC on the hub's ipsec.conf each a separate
stanza?  I don't think we understood each other from my
original question.  I am trying to create a hub and spoke without
requiring the building of an entire tunnel definition for every
additional subnet to route through the hub.

   This would require 9 separate tunnel definitions on the hub, and 3
tunnel definitions on each spoke. Causing a total of 21 full tunnels?
This is what I am trying to avoid, otherwise I could just as easily
create direct tunnels between all sites and just use a mesh for the same
amount of entries required.  

   When using tunnels on Cisco devices you can make additions to existing
ACLs, allowing traffic to pass over predetermined endpoints without
causing the work of duplicating connection information.

   Should this question be posted to devel instead of users?  Am I
looking for support that isn't there?  Openswan on the current systems
is 1.0.3, let me know if anyone knows of changes in a specific version
that enable the features I am trying to use.

Thanks,
Trevor Benson


