[CentOS] regarding vpn server for 1500 clients

Tue Dec 23 21:27:39 UTC 2008
Les Mikesell <lesmikesell at gmail.com>

Robert Moskowitz wrote:
> 
>> but the other problem 
>> with IPsec is that the usual tools don't provide an interface for 
>> routing and they need some other mechanism to decide what goes through 
>> them.
> 
> This has always been my issue with IPsec tunnels. What to use and do you 
> know if what you want secured is? Thus the policy always is all or 
> nothing; very broken per the RFC. FreeSWAN tried doing it better, but 
> kind of sputtered out (Hugh really wanted to do it right). This was thus 
> another issue I had with tunnel mode over transport that led to BEET mode.
> 
>> On Ciscos I've always set up GRE tunnels to get something the 
>> routing protocols can see, then crypto-mapped the GRE packets.  Is there 
>> a common computer implementation that would mesh with this?
>>   
> 
> No. At least that I know of.

Seems odd that no one does it that way.  How do you set up redundant 
tunnel routes as failovers for dedicated circuits if you can't run 
routing protocols through the tunnels?

-- 
   Les Mikesell
    lesmikesell at gmail.com
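The Cisco pattern described in the thread (build a GRE tunnel so the routing protocols have an interface to run over, then crypto-map the GRE packets) has a direct Linux analogue using iproute2's GRE tunnels and the kernel's xfrm policy database. The block below is an added example, not code from the thread or from any of the posters: a shell function that prints the commands for one tunnel endpoint so they can be reviewed and then applied as root (pipe the output to sh). The addresses (RFC 5737 ranges), tunnel prefix, SPIs and keys are constructed placeholders; in practice an IKE daemon (racoon, openswan) negotiates the SAs and only the tunnel and the policies are configured by hand.

```shell
#!/bin/sh
# GRE-over-IPsec on Linux with iproute2 + xfrm: the Linux analogue of a
# Cisco GRE tunnel whose packets are selected by a crypto map.
# Added example, not from the mailing-list thread. Every address, SPI and
# key below is a constructed placeholder.
#
# Usage: gre_ipsec_commands LOCAL_PUBLIC REMOTE_PUBLIC TUNNEL_ADDR/PREFIX
#        prints the commands; apply with:  gre_ipsec_commands ... | sh
gre_ipsec_commands() {
    local_ip="$1"; remote_ip="$2"; tun_addr="$3"
    spi_out=0x1000; spi_in=0x1001            # constructed SPIs
    # Constructed placeholder keys: 16-byte AES-128, 20-byte HMAC-SHA1.
    # With IKE in place the daemon installs the states; drop step 2.
    aes_key=0x00112233445566778899aabbccddeeff
    sha_key=0x0123456789abcdef0123456789abcdef01234567
    cat <<EOF
# 1. GRE tunnel: an ordinary routed interface that zebra/ospfd can use.
ip tunnel add gre1 mode gre local $local_ip remote $remote_ip ttl 64
ip addr add $tun_addr dev gre1
ip link set gre1 up
# 2. IPsec SAs in transport mode between the two public endpoints.
ip xfrm state add src $local_ip dst $remote_ip proto esp spi $spi_out mode transport auth sha1 $sha_key enc aes $aes_key
ip xfrm state add src $remote_ip dst $local_ip proto esp spi $spi_in mode transport auth sha1 $sha_key enc aes $aes_key
# 3. Policy that selects only GRE (IP protocol 47): the crypto-map step.
ip xfrm policy add src $local_ip dst $remote_ip proto gre dir out tmpl proto esp mode transport
ip xfrm policy add src $remote_ip dst $local_ip proto gre dir in tmpl proto esp mode transport
EOF
}

# Example endpoint (constructed addresses):
gre_ipsec_commands 203.0.113.1 198.51.100.1 10.255.0.1/30
```

The `proto gre` selector in step 3 is what makes this behave like a crypto map: only protocol 47 between the two public addresses is encrypted, and everything else on those hosts is left alone, so the all-or-nothing policy problem raised above does not apply. Because gre1 is a normal interface, a dedicated circuit and the tunnel show up as two paths to the routing daemon, and failover between them is the routing protocol's job rather than IPsec's. The mirror-image commands, with the addresses swapped, go on the other endpoint.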