Large complicated VPN setup. (Help with)

Guus Sliepen guus at sliepen.warande.net
Sat Jan 6 01:17:36 CET 2001


On Thu, Jan 04, 2001 at 11:52:49AM +0000, Tomas Doran wrote:

> What I was originally planning was to use ethernet SPF bridging to sort
> this mess out meaning that all the sites backbones would be on one
> unified /24 network as opposed to the mess they are in now. However I am
> not sure that this is the way to go and the bridge code is not working
> with FreeS/WAN and since tinc will only encapsulate IP then it won't
> work with tinc..

The reason why FreeS/WAN tunnels cannot be bridged is because the tunnels are
at the IP layer, not the MAC layer. Although it will change in the future,
tinc only encapsulates IP because it acts as a router (and routers need to
examine IP headers).

You say it currently is a mess, but merging different sites into one /24 may
prove to be an even greater mess. Indeed, only bridging would solve that
neatly, but bear in mind that all the broadcast packets (that includes an ARP
packet every ~30 seconds for every host on the entire private network) will be
exchanged by all the sites over the internet, not to mention SMB (Windows'
network environment) and other stuff...

I would suggest that you'd use a separate /24 network for each site, and have
them all be within one larger /16 network (obviously, 192.168.0.0/16).

> Basically I want to have an easy to manage network framework which will
> work and allow me to add/remove connections as traffic demands change
> etc..
> 
> I know that this wasn't the clearest question and/or explanation but my
> thinking hasn't really solidified on the issue yet.

That's ok. Try routing first with separate subnets for each site. Tinc handles
that very well, and it will also prove more scalable in the future (I think,
but that depends on your situation of course).

If you have any further questions, please ask them!

-------------------------------------------
Met vriendelijke groet / with kind regards,
  Guus Sliepen <guus at sliepen.warande.net>
-------------------------------------------
See also: http://tinc.nl.linux.org/
          http://www.kernelbench.org/
-------------------------------------------
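As an added example (not code from the post or from the tinc project), the following Python script checks the routed layout suggested above, one /24 per site inside 192.168.0.0/16: it validates that the site subnets are disjoint and inside the aggregate, answers the router's question of which site owns a destination address, and renders the tinc host-file lines that advertise each site's subnet. The site names, endpoints and subnets are constructed; the `Address =` / `Subnet =` keys are tinc's host configuration format, and everything else is an assumption of this example.

```python
"""Plan and sanity-check a routed tinc VPN: one /24 per site in a /16.

Added example, not from the mailing-list post. Site names, public
endpoints and subnets below are constructed sample data.
"""
import ipaddress

AGGREGATE = ipaddress.ip_network("192.168.0.0/16")

# Constructed sample sites: name -> (public tinc endpoint, private /24)
SITES = {
    "london": ("198.51.100.10", "192.168.1.0/24"),
    "berlin": ("203.0.113.20", "192.168.2.0/24"),
    "madrid": ("192.0.2.30", "192.168.3.0/24"),
}


def validate_plan(sites, aggregate=AGGREGATE):
    """Return a list of problems; an empty list means the plan is consistent.

    Two checks: every site subnet lies inside the aggregate /16, and no two
    site subnets overlap (overlap is what makes a merged /24 a 'mess').
    """
    problems = []
    seen = {}
    for name, (_, cidr) in sites.items():
        net = ipaddress.ip_network(cidr)  # strict: host bits must be zero
        if not net.subnet_of(aggregate):
            problems.append(f"{name}: {net} is outside {aggregate}")
        for other, onet in seen.items():
            if net.overlaps(onet):
                problems.append(f"{name}: {net} overlaps {other}: {onet}")
        seen[name] = net
    return problems


def site_for(dest, sites):
    """Routing decision: the site whose /24 contains dest, or None."""
    addr = ipaddress.ip_address(dest)
    for name, (_, cidr) in sites.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return None


def host_file(name, sites):
    """Render the hosts/<name> entry advertising this site's subnet (assumed layout)."""
    endpoint, cidr = sites[name]
    return f"Address = {endpoint}\nSubnet = {cidr}\n"


if __name__ == "__main__":
    print("\n".join(validate_plan(SITES)) or "plan ok")
    for site in SITES:
        print(f"--- hosts/{site}\n{host_file(site, SITES)}")
```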