Erich Titl wrote: > Gordon > > Gordon Bos wrote: >> Call me stupid, but I am running a cascade of two Leaf routers and I >> would not even start to consider joining them. That said, I have been >> running them on the same host lately (VMware). That is because I've run >> out of old small sized boxes and everything I can get my hands on is >> hugely oversized for the job. > > Out of curiosity, why would you not run this functionality on a single > Box, but be prepared to tolerate the VMWare overhead and network > abstraction, but really just out of curiosity.....
One large reason. Except for doing ISP connect, the outer box also functions as an ipsec/l2tp VPN router. When a remote user connects to one of the l2tp nodes, this dynamically adds a ppp interface. I have found no other way to handle this other than by setting the policy for iptables to ACCEPT. That introduces a security risc for everything I may have forgotten to catch in an earlier stage (the rules, or exceptions to policy). >> When my needs were smaller I did have ISP connect en TC on the same >> router, but the current cascaded setup appears to be a lot more stable. > > Can you elaborate on the stability problem? Do we have one? I used to have frequent ISP connection resets, and for some reason I never managed to have it reconnect without human interaction on the box itself. Now I have less resets and it also reconnects automatically. The only issue I have now is that at some times it starts to flood the logs with klips messages and I can only stop that by fully resetting the router. Gordon ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ------------------------------------------------------------------------ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
