On 12/14/2012 03:27 PM, Beto wrote:
> Hi, do SiteB and SiteC have an OpenBSD firewall?
> 
> The VPN is firewall to firewall; the management of the network is only route add
> xxx xx
> 
> 
I'm not sure what SiteB and SiteC are running - I think either Juniper
or Cisco somethings.

What works for now is to bring up only one of the tunnels and set up
flows for each of the remote subnets through it. We'd like to be able to
do this dynamically, but if we bring up both tunnels, how can we set the
routing priorities for the flows?

Thanks


> 
> 
> 2012/12/14 Henry Stilmack <h.stilm...@jach.hawaii.edu>
> 
>> Running OpenBSD 4.5 (I know, I should upgrade it), with isakmpd and ipsec.
>>
>> Here's what I want to do:
>>
>>          |----------|==================SiteB)
>> SiteA ---| Firewall |   VPN Tunnels         )---multiple subnets
>>          |----------|==================SiteC)
>>
>> In words:
>>
>> I have a site in the US with an OpenBSD 4.5 firewall. It has one
>> connection to the Internet via a University LAN. We have set up IPsec
>> tunnels to 2 UK sites, which each act as VPN gateways to multiple
>> subnets. We want to have failover between the tunnels, but we want the
>> primary routes for the subnets to be configured through the "closest"
>> gateway.
>>
>> I've seen lots of discussion on how to do failover if you have multiple
>> external connections, but basically we are trying to set up failover if
>> one of the remote endpoints goes down, and to route the subnets on the
>> remote end dynamically.
>>
>> Is this even possible?
>>
>> --
>> Henry Stilmack <h.stilm...@jach.hawaii.edu> Systems Administrator
>> UK/Canada/Netherlands Joint Astronomy Centre   Tel: +1 808-969-6530
>> 660 N. A'ohoku Place, Hilo, HI 96720           Fax: +1 808-961-6516
>> GPG key: ID=70E73E16 Signature=133F14E79A8AE9858F38 3BA8BF2D914A70E73E16
