Hi Stefan,

> ● Instantaneous large-scale any-to-any IP connectivity using a group
> IPsec security paradigm - seems to be RFC6407 GDOI

I think GDOI is particularly interesting for securing multicast traffic. While it might be usable for plain any-to-any connections, you probably can achieve the same with a full mesh of IPsec tunnels. GDOI is IKEv1 though, and we'd prefer to focus on IKEv2.

> Is there anything out there to be able to mesh around 800 sites
> together over vpn tunnel without having to configure a vpn tunnel from
> each site to each other?

There is OpenNHRP [1], but I've no experience with that. It uses a dedicated routing protocol on top of a secured GRE tunnel, so not exactly what you are looking for.

With strongSwan, there is currently no out-of-the-box solution. Creating dynamic connections is certainly doable using a custom configuration backend. Depends on what you'd actually want to achieve.

In the long term, we'll be focusing on the IETF ipsecme "large scale VPN" work. [2] is based on NHRP, while [3] does routing based on IPsec policies. We favor [3], but there are no plans yet for implementing it.

Regards
Martin

[1] http://sourceforge.net/projects/opennhrp/
[2] http://tools.ietf.org/html/draft-detienne-dmvpn-01
[3] http://tools.ietf.org/html/draft-sathyanarayan-ipsecme-advpn-03
