I understand a little more, and siteC siteB handle the same firewall ? or are separate firewall?
2012/12/14 Henry Stilmack <h.stilm...@jach.hawaii.edu> > On 12/14/2012 03:27 PM, Beto wrote: > > Hi, SiteB and Sitec have OpenBSD Firewall ? > > > > The vpn is firewall to firewall, the manage of network is only route add > > xxx xx > > > > > I'm not sure what SiteB and SiteC are running - I think either Juniper > or Cisco somethings. > > What works for now is to bring up only one of the tunnels and set up > flows for each of the remote subnets through it. We'd like to be able to > do this dynamically, but if we bring up both tunnels, how can we set the > routing priorities for the flows? > > Thanks > > > > > > > > 2012/12/14 Henry Stilmack <h.stilm...@jach.hawaii.edu> > > > >> Running OpenBSD 4.5 (I know, I should upgrade it), with isakmpd and > ipsec. > >> > >> Here's what I want to do: > >> > >> |----------|==================SiteB) > >> SiteA ---| Firewall | VPN Tunnels )---multiple subnets > >> |----------|==================SiteC) > >> > >> In words: > >> > >> I have a site in the US with an OpenBSD 4.5 firewall. It has one > >> connection to the Internet via a University LAN. We have set up IPsec > >> tunnels to 2 UK sites, which each act as VPN gateways to multiple > >> subnets. We want to have failover between the tunnels, but we want the > >> primary routes for the subnets to be configured through the "closest" > >> gateway. > >> > >> I've seen lots of discussion on how to do failover if you have multiple > >> external connections, but basically we are trying to set up failover if > >> one of the remote endpoints goes down, and to route the subnets on the > >> remote end dynamically. > >> > >> Is this even possible? > >> > >> -- > >> Henry Stilmack <h.stilm...@jach.hawaii.edu> Systems Administrator > >> UK/Canada/Netherlands Joint Astronomy Centre Tel: +1 808-969-6530 > >> 660 N. A'ohoku Place, Hilo, HI 96720 Fax: +1 808-961-6516 > >> GPG key: ID=70E73E16 Signature=133F14E79A8AE9858F38 3BA8BF2D914A70E73E16
