Re: Redundant links with BGP and VPN

2006-01-05 Thread Toni Mueller
Hello, On Wed, 23.11.2005 at 14:32:21 +, tony sarendal <[EMAIL PROTECTED]> wrote: > 1. You create the gif tunnels (firewall-firewall) > 2. you encrypt the gif tunnels (firewall-firewall traffic, or leave > this for last) > 3. You integrate it with your current routing setup and just treat the

Re: Redundant links with BGP and VPN

2005-11-23 Thread tony sarendal
On 23/11/05, Kor Boerema <[EMAIL PROTECTED]> wrote: > Ok, > > I'm glad that it's possible, I just don't know how to put it all > together yet. > > So I would have to create 2 gif tunnels at each branch office. One going > over the leased lines and the other over internet. > > Over these GIF tunnels

Re: Redundant links with BGP and VPN

2005-11-23 Thread Kor Boerema
Re: Redundant links with BGP and VPN On 23/11/05, Kor Boerema <[EMAIL PROTECTED]> wrote: > Hi Tony, > > Thanks for the reply. > > In what ways do the GIF tunnels differ from a normal ipsec tunnel? > By using a tunneling protocol your traffic will from an ipsec point of

Re: Redundant links with BGP and VPN

2005-11-23 Thread Stuart Henderson
--On 23 November 2005 13:25 +, tony sarendal wrote: On 23/11/05, Kor Boerema <[EMAIL PROTECTED]> wrote: Hi Tony, Thanks for the reply. In what ways do the GIF tunnels differ from a normal ipsec tunnel? By using a tunneling protocol your traffic will from an ipsec point of view always h

Re: Redundant links with BGP and VPN

2005-11-23 Thread tony sarendal
On 23/11/05, Kor Boerema <[EMAIL PROTECTED]> wrote: > Hi Tony, > > Thanks for the reply. > > In what ways do the GIF tunnels differ from a normal ipsec tunnel? > By using a tunneling protocol your traffic will from an ipsec point of view always have the same source/destination. You also avoid frag

Re: Redundant links with BGP and VPN

2005-11-23 Thread Kor Boerema
: Redundant links with BGP and VPN Fully possible. Just use a tunneling protocol (man gif) for the point-to-points and encrypt them, then use the tunnels for dynamic routing. You even get the bonus of working path-mtu-discovery wiithin your network. /Tony -- Tony Sarendal - [EMAIL PROTECTED] IP/Unix

Re: Redundant links with BGP and VPN

2005-11-23 Thread tony sarendal
Fully possible. Just use a tunneling protocol (man gif) for the point-to-points and encrypt them, then use the tunnels for dynamic routing. You even get the bonus of working path-mtu-discovery wiithin your network. /Tony -- Tony Sarendal - [EMAIL PROTECTED] IP/Unix -= The scorpion replied

Redundant links with BGP and VPN

2005-11-23 Thread Kor Boerema
Hello, We are looking at building redundancy into our leased line networks using VPN internet tunnels. Is it possible to create a hub and spoke system with connected OpenBSD machines that use BGP to trigger a different route when the leased line fails? I don't know if the explanation