roman wrote:
>I have indeed 3 networks which should ideally be connected with each other.
>This means each router needs 2 tunnels to connect it to the other routers and
>if there are some roadwarriors yet another openvpn-instance for them. Am I
>right on this, or is there a more elegant solution to this?

As is often the case, only you can answer that! It's your network and only you can say what suits you.

Back in the days of leased lines (aka point-point or private circuits), it would be common to have a hub and spoke arrangement - making the main data centre the hub in most cases. Traffic between any two spokes would have to flow through the hub. This is the easiest to set up, any time you have to add/remove a spoke you only have to modify the hub and that spoke. It also scales well since for n sites there are n-1 links. The downside is the inefficiency of routing all your traffic through the one site.

With VPN you don't have the cost (multiple leased lines) or hardware (number of serial ports) constraints, so you will probably want what is usually called a "fully meshed" network - every site is connected to every other site. It's more efficient because you don't route all the traffic through one hub - but it's harder to manage because every change affects every site, and the number of links (in this case tunnels) goes up dramatically with the number of links.

For only three sites then there's little argument - just go meshed. However, if you have any expectations of adding more sites, sit down before you start and think about your addressing/naming schemes - it's easier to be logical from the start than to renumber networks later (been there, got the T-shirt!).

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
