[Openswan Users] ipsec & multicast over gre
Michael Jurney
mikej at datasynapse.com
Tue Oct 4 11:26:15 CEST 2005
Paul Wouters wrote:
>
> Yup. Ken did a talk about enterprise VPN's at Linux Kongress in 2003:
>
> http://www.xelerance.com/talks/lk2003/
Thank you for the pointer. There's one thing I'm not sure of, though:
Am I setting up a tunnel between the inside and outside interfaces of
each gateway, between the inside interfaces of both gateways, or between
the outside interfaces of both gateways?
Given:
openswan1
----------------------
{172.16.32.0/24}--| (eth1) 172.16.32.1 |
| 10.1.1.100 (eth0) |--+
---------------------- |
|
{untrusted network}
openswan2 |
--------------------- |
| 10.2.2.100 (eth0) |----+
{172.16.8.0/24}--| (eth1) 172.16.8.1 |
---------------------
I want broadcast traffic from 172.16.32.0/24 entering eth1 on openswan1
to emit from eth1 on openswan2 onto the segment for 172.16.8.0/24 (and
vice-versa).
Is there:
one gre tunnel between 10.1.1.100 and 10.2.2.100
one gre tunnel between 172.16.32.1 and 172.16.8.1
two gre tunnels, one between 172.16.32.1 and 10.1.1.100, and another
between 172.16.8.1 and 10.2.2.100?
--
Michael D. Jurney
Sysadmin, DataSynapse
mikej at datasynapse.com
p: 212.842.8860
View the DataSynapse email disclaimer here:
<http://www.datasynapse.com/legal/emailprivacy.jsp>
More information about the Users
mailing list