 From:  "Holger Bauer" <Holger dot Bauer at citec dash ag dot de>
 To:  "Andrej Fercic" <andrej at pcklinika dot si>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  AW: [m0n0wall] IPsec VPN point to multipoint - in details
 Date:  Mon, 28 Nov 2005 14:23:14 +0100
If you only have 1 static IP it gets a bit complicated to get traffic from remote1 to remote2. I
would suggest starting with tunnels running from sublocations to mainlocations first. I have done a
tutorial on how to set up a scenario like this here: http://pfsense.bol2riz.com/tutorials/mobile_ipsec/
(it's for pfsense but m0n0 is exactly the same way for this). The tunnels will only be able to be
initiated from the dynamic side towards the static one, so you should keep some traffic running from
dynamic to static to bring the tunnel up again after an IP change. If you really need traffic
between sublocations you should build a mesh and get static IPs. If not you have to route all
traffic between the sublocations via the mainlocation (shutting down the mainlocation's bandwidth
with traffic that doesn't belong there). Also keep in mind that static routes don't work for IPSEC
and you have to build a bunch of tunnels to get the traffic routed from sublocations via
mainlocation (not very easy to do but still doable).
Depending on the encryption you set you'll get about 4 to 8 Mbit/s with WRAPs, but as your upstreams
with ADSL are most likely lower than your downstreams at the other locations you should use the
upstreams to decide if this hardware is suitable for you or not. You might as well also add a
miniPCI hardware accelerator. Search the mailing list for numbers, there is a comparison somewhere.
 
Holger
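
The "bunch of tunnels" mentioned in the reply above, counted out as an added example that is not part of the original message. It assumes policy-based IPsec in which each path needs a local/remote subnet pair on both gateways; the site names and 192.168.x.0/24 subnets are constructed for illustration.

```python
from collections import Counter
from ipaddress import ip_network
from itertools import combinations, permutations

# Constructed addressing plan: one main site and five remotes, as in the thread.
SITES = {"main": "192.168.0.0/24"}
SITES.update({f"remote{i}": f"192.168.{i}.0/24" for i in range(1, 6)})

def parse_sites(sites):
    """Parse the LANs and reject overlaps: subnet-selected tunnels would be ambiguous."""
    nets = {name: ip_network(cidr) for name, cidr in sites.items()}
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            raise ValueError(f"{a} ({na}) overlaps {b} ({nb})")
    return nets

def hub_and_spoke(sites, hub="main"):
    """Entries (gateway, peer, local_net, remote_net) when remotes reach each other via the hub."""
    nets = parse_sites(sites)
    entries = []
    for spoke in (s for s in nets if s != hub):
        for other in (s for s in nets if s != spoke):
            # Remote side: every other LAN is reached through the tunnel to the hub.
            entries.append((spoke, hub, nets[spoke], nets[other]))
            # Hub side: the mirror entry, so traffic from that LAN is sent on to this remote.
            entries.append((hub, spoke, nets[other], nets[spoke]))
    return entries

def full_mesh(sites):
    """Entries when every site has a direct tunnel to every other site."""
    nets = parse_sites(sites)
    return [(a, b, nets[a], nets[b]) for a, b in permutations(nets, 2)]

def per_gateway(entries):
    """Number of entries each gateway has to carry."""
    return Counter(gateway for gateway, *_ in entries)

if __name__ == "__main__":
    for name, entries in (("hub-and-spoke", hub_and_spoke(SITES)), ("full mesh", full_mesh(SITES))):
        print(name, len(entries), dict(per_gateway(entries)))
```

With these six sites the hub-and-spoke layout concentrates 25 entries on the main gateway, while a full mesh spreads 5 entries onto each gateway but needs a static IP on at least one end of every pair.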


	From: Andrej Fercic [mailto:andrej at pcklinika dot si] 
	Sent: Mon 28.11.2005 13:57 
	To: Holger Bauer; m0n0wall at lists dot m0n0 dot ch 
	Cc: 
	Subject: RE: [m0n0wall] IPsec VPN point to multipoint - in details
	
	

	Tx, Holger
	
	Yes, I have a static IP in the Main location. If needed I can get static IPs in my
	remote locations too, but rather not for security reasons. What about
	transfer speeds from main to remote and from Remote1 to Remote2?! I am also
	planning to use PC Engines HW. Can you specify the model you are using?!
	
	Tx,
	
	Andrej
	
	-----Original Message-----
	From: Holger Bauer [mailto:Holger dot Bauer at citec dash ag dot de]
	Sent: Monday, November 28, 2005 1:11 PM
	To: Andrej Fercic; m0n0wall at lists dot m0n0 dot ch
	Subject: AW: [m0n0wall] IPsec VPN point to multipoint - in details
	
	You'll at least need one fixed IP to get this running. I built an IPSEC mesh
	some weeks ago where 10 m0n0s are fully meshed (each location has a tunnel
	to each other location). Uptime of all systems is 30+ days without any
	glitches (running voip and other data with pcengine wraps and traffic
	shaping).
	
	Holger
	

	> From: Andrej Fercic [mailto:andrej at pcklinika dot si]
	> Sent: Monday, 28 November 2005 13:06
	> To: m0n0wall at lists dot m0n0 dot ch
	> Subject: [m0n0wall] IPsec VPN point to multipoint - in details
	>
	>
	> Addition to my previous post:
	>
	> Hello folks
	> 
	> I have been using m0n0 without any troubles for 6 months. Now I want to use
	> it as VPN server and client. Here is the situation: I have one Main
	> location and 5 remote ones. So I want to establish a VPN tunnel from
	> remote to Main site using m0n0wall. Does anybody have any experience
	> with situations like this?
	>
	> Here is a description:
	>
	> Main m0n0 (VPN1) <> ADSL <> Remote1 m0n0
	> Main m0n0 (VPN2) <> ADSL <> Remote2 m0n0
	> Main m0n0 (VPN3) <> ADSL <> Remote3 m0n0
	> Main m0n0 (VPN4) <> ADSL <> Remote4 m0n0
	> Main m0n0 (VPN5) <> ADSL <> Remote5 m0n0
	>
	> Cheers,
	>
	> Andrej
	>
	>
	>
	> ---------------------------------------------------------------------
	> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
	> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
	>
	>
	
	____________
	Virus checked by G DATA AntiVirusKit
	
	
	

