From: Stephen Clark
Reply-To: sclark46@earthlink.net
Date: Wed, 09 Jul 2008 12:50:47 -0400
To: Mike Tancsa
Cc: freebsd-net@freebsd.org, zaphod@fsklaw.com
Subject: Re: Tunneling issues

Mike Tancsa wrote:
> At 11:21 AM 7/9/2008, zaphod@fsklaw.com wrote:
>
>> I agree it should work. But it's not. With respect to the next two
>> questions, yes and yes.
>
> Can you post some of the configs you are using for 3 of the sites so we
> can perhaps spot the problem(s) you are having? I have a similar setup
> with 5 sites, all talking to each other via IPSEC tunnels. It's a lot of
> policies, but they work just fine.
>
>> I'm not a huge fan of OpenVPN, but the bigger issue is that the gif
>> tunnels come up at boot up. As well as routes. Given the client server
>> nature of OpenVPN it is suitable, because if a server reboots, I'm not
>> certain a client would auto re-connect.
>
> We have ~ 400 sites running OpenVPN across Canada that all reconnect
> just fine after reboots / power cycles etc. We don't let the clients
> talk to each other, but that would just be a config change to allow that
> to work.
>
> ---Mike

Hi,

I do this also - having both multiple gre/vpn tunnels to do OSPF.
Using FreeBSD 4.x and 6.1

Steve

--

"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety." (Ben Franklin)

"The course of history shows that as a government grows, liberty
decreases." (Thomas Jefferson)