Hi Lee,

Thanks for the answer.

That is in fact the confusion. If we specify IP addresses of the spokes +
hubs, as we usually do in an IPsec tunnel. I mean, for example (IP addresses
are not real, please):


spdadd 10.0.0.0/16 10.1.0.0/16 any
       -P out ipsec
       esp/tunnel/192.168.2.1-62.149.40.78/require;

spdadd 10.1.0.0/16 10.0.0.0/16 any
       -P in ipsec
       esp/tunnel/62.149.40.78-192.168.2.1/require;


DMVPN has two phases. What about the dynamic tunnel which will be formed
between Spoke1 and 2 on demand? Am I able to convey my question?



On Tue, Jun 24, 2014 at 9:31 AM, Lee Cardona <lee.card...@gmail.com> wrote:

> Hi Masoom,
>
> You are specifying an IP address.
> 0.0.0.0/0 means 'Any IP address'
>
> Hope that helps
>
> On Jun 23, 2014, at 11:41 PM, masoom alam <masoom.a...@gmail.com> wrote:
>
> Hi everyone.
>
> Most of the Howtos on DMVPN configuration through OpenNHRP configure the
> ipsec.conf as follows:
>
> spdflush;
> spdadd 0.0.0.0/0 0.0.0.0/0 gre -P out ipsec esp/transport//require;
> spdadd 0.0.0.0/0 0.0.0.0/0 gre -P in ipsec esp/transport//require;
>
> My question is that if we are not specifying any specific IP address here
> for HUB <--> Spoke1 and similarly HUB <----> Spoke2, what about the dynamic
> IPsec tunnel that will be made between Spoke1 <---> Spoke2 on demand? I am
> using preshared secrets for tunnel formation. If Spoke1 is sharing the same
> secret with HUB, and similarly Spoke2 is also sharing the same secret,
> Spoke1 and Spoke2 can also form the tunnel without OpenNHRP, or? I am not
> understanding how phase 2 or 3 of the DMVPN is achieved with preshared
> secrets....
>
> A spoke will specify the following configuration in its opennhrp.conf:
>
> interface gre1 dynamic-map 172.16.0.0/16 hub.example.com shortcut
> redirect non-caching
>
> where hub.example.com will resolve to the IP address of the hub.
>
> What about the HUB opennhrp.conf? If no other HUB exists in the topology,
> is the following file OK?
>
> interface gre1 shortcut redirect non-caching
>
> Finally, are the scripts given on the Alpine Linux web site for OpenNHRP
> only for Alpine Linux? For example, if we are testing in a lab environment
> with three Ubuntu VMs, do we need to run those scripts? Because they also
> involve checking zebra running....
>
> Thanks
>
> _______________________________________________
> opennhrp-devel mailing list
> opennhrp-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/opennhrp-devel
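
Added example (not part of the original thread, and not setkey's or OpenNHRP's own code): a small Python selector matcher that applies the two policy sets quoted above to GRE packets between tunnel endpoints, illustrating Lee's point that 0.0.0.0/0 matches any peer. The hub and spoke public addresses and the function names are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class Policy(NamedTuple):
    src: str        # source selector (CIDR)
    dst: str        # destination selector (CIDR)
    proto: str      # upper-layer protocol selector ("any", "gre", ...)
    direction: str  # "in" or "out"
    rule: str       # e.g. "esp/transport//require"

def parse_spdadd(stmt: str) -> Policy:
    """Parse one 'spdadd SRC DST PROTO -P DIR ipsec RULE;' statement."""
    tok = stmt.strip().rstrip(";").split()
    if len(tok) != 8 or tok[0] != "spdadd" or tok[4] != "-P" or tok[6] != "ipsec":
        raise ValueError(f"unsupported statement: {stmt!r}")
    return Policy(tok[1], tok[2], tok[3], tok[5], tok[7])

def lookup(spd, src, dst, proto, direction):
    """Return the IPsec rule of every policy whose selectors match the packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return [p.rule for p in spd
            if p.direction == direction
            and p.proto in ("any", proto)
            and s in ipaddress.ip_network(p.src)
            and d in ipaddress.ip_network(p.dst)]

# The two policy sets quoted in the thread (continuation lines joined).
WILDCARD = [parse_spdadd(s) for s in (
    "spdadd 0.0.0.0/0 0.0.0.0/0 gre -P out ipsec esp/transport//require;",
    "spdadd 0.0.0.0/0 0.0.0.0/0 gre -P in ipsec esp/transport//require;",
)]
PER_PEER = [parse_spdadd(s) for s in (
    "spdadd 10.0.0.0/16 10.1.0.0/16 any -P out ipsec esp/tunnel/192.168.2.1-62.149.40.78/require;",
    "spdadd 10.1.0.0/16 10.0.0.0/16 any -P in ipsec esp/tunnel/62.149.40.78-192.168.2.1/require;",
)]

# Constructed public addresses (documentation ranges), not from the thread.
HUB, SPOKE1, SPOKE2 = "192.0.2.1", "198.51.100.10", "203.0.113.20"

if __name__ == "__main__":
    for name, spd in (("wildcard", WILDCARD), ("per-peer", PER_PEER)):
        print(name, "spoke1->hub    gre:", lookup(spd, SPOKE1, HUB, "gre", "out"))
        print(name, "spoke1->spoke2 gre:", lookup(spd, SPOKE1, SPOKE2, "gre", "out"))
        print(name, "10.0.5.5->10.1.7.7 tcp:", lookup(spd, "10.0.5.5", "10.1.7.7", "tcp", "out"))
```

The matcher covers selector matching only; it does not model kernel policy ordering or how IKE authenticates the peer with the preshared secret.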