[CentOS] regarding vpn server for 1500 clients

Fri Dec 19 19:00:42 UTC 2008
Les Mikesell <lesmikesell at gmail.com>

Scott Silva wrote:
>>>>> How about lots of GRE tunnels? :-)
>>>> I've done that with a few connections - mostly connecting to Cisco 
>>>> routers to pass multicast streams.  I'm not sure how it would scale up 
>>>> in terms of the interface numbers and managing routes but it should work.
>>> What was the network environment like that the tunnels went over?
>> Some over the internet, some private, but always with fixed src/dest 
>> addresses and nothing going over them that couldn't have run unencrypted 
>> over the internet.
> If it doesn't need to be encrypted, then why do you need tunnels?

There are two reasons.

> Couldn't you just set a route on the remote machines and use that?
> Could be as simple as a batch file/shell script.

One reason is that I was distributing multicast with a Cisco router 
doing the fanout.  With a tunnel, you put multicast in one end and it 
comes out the other even if the intermediate path doesn't handle 
multicast.  The other is that the end points all had private addressing 
which the terminating equipment understood but not the intermediate routers.

   Les Mikesell
     lesmikesell at gmail.com