Re: Looking for DMVPN implementation

2016-10-03 Thread Jens Sauer 
Hi Renato,

i'm excited and cant wait to give it a try - thx so much

cheers

Jens Sauer




- Ursprüngliche Message -
Von: Renato Westphal <renatowestp...@gmail.com>
An: Jens Sauer <sauer.j...@yahoo.de>
CC: "misc@openbsd.org" <misc@openbsd.org>
Gesendet: 17:27 Montag, 3.Oktober 2016
Betreff: Re: Looking for DMVPN implementation

2016-10-01 19:44 GMT-03:00 Jens Sauer <sauer.j...@yahoo.de>:

> Hi OpenBSD community,
>
> i'm looking for an OpenSource implementation of DMVPN (Dynamic Multipoint
Virtual private network).
>
> Currently i just found the draft (from 2013) :
> https://tools.ietf.org/html/draft-detienne-dmvpn-00
>
> Comming from Cisco and would be pleased to see it under OpenBSD.
>
http://www.cisco.com/c/dam/en/us/products/collateral/security/dynamic-multipo
int-vpn-dmvpn/DMVPN_Overview.pdf
>
> Hope i could get an advice in how to implement (use) it under OpenDSD.

Hi Jens,

I already started working on this in g2k16 and I should have something
to show in a few months. In the hackathon, claudio@ gave me some
pointers on how to add multipoint support in gre(4) and right now I'm
evaluating how to design nhrpd(8) in the best way possible (including
the integration with iked(8) - only IKEv2 will be supported).

I'll let you know when I have something ready.

Cheers,
--
Renato Westphal

Re: Looking for DMVPN implementation

2016-10-03 Thread Renato Westphal 
2016-10-01 19:44 GMT-03:00 Jens Sauer :
> Hi OpenBSD community,
>
> i'm looking for an OpenSource implementation of DMVPN (Dynamic Multipoint 
> Virtual private network).
>
> Currently i just found the draft (from 2013) :
> https://tools.ietf.org/html/draft-detienne-dmvpn-00
>
> Comming from Cisco and would be pleased to see it under OpenBSD.
> http://www.cisco.com/c/dam/en/us/products/collateral/security/dynamic-multipoint-vpn-dmvpn/DMVPN_Overview.pdf
>
> Hope i could get an advice in how to implement (use) it under OpenDSD.

Hi Jens,

I already started working on this in g2k16 and I should have something
to show in a few months. In the hackathon, claudio@ gave me some
pointers on how to add multipoint support in gre(4) and right now I'm
evaluating how to design nhrpd(8) in the best way possible (including
the integration with iked(8) - only IKEv2 will be supported).

I'll let you know when I have something ready.

Cheers,
-- 
Renato Westphal

Re: Looking for DMVPN implementation

2016-10-02 Thread Remi Locherer 
On Sat, Oct 01, 2016 at 10:44:02PM +, Jens Sauer wrote:
> Hi OpenBSD community,
> 
> i'm looking for an OpenSource implementation of DMVPN (Dynamic Multipoint 
> Virtual private network).
> 
> Currently i just found the draft (from 2013) :
> https://tools.ietf.org/html/draft-detienne-dmvpn-00
> 
> Comming from Cisco and would be pleased to see it under OpenBSD.
> http://www.cisco.com/c/dam/en/us/products/collateral/security/dynamic-multipoint-vpn-dmvpn/DMVPN_Overview.pdf
> 
> Hope i could get an advice in how to implement (use) it under OpenDSD.

OpenBSD does not have support for mGRE and NHRP.

If you're not having hundreds of sites you want to connect you could set
up tunnels (gif or gre), protect it with ipsec and run a routing protocol
over that. It scales best if you automate it (I use ansible for this).

Remi