Hello, That's perfectly feasible with strongSwan. Details would need to be discussed in particular. E.g. regarding any needed ACLs. It's possible to build a dynamic fully meshed network using an OpenNHRP compatible patched version of strongSwan. It requires some extra care though, because it's evidently not maintained by upstream, but by Timo Teras of Alpine Linux.
The currently possible solution is either a manually configured mesh or a hub-spoke model, like Michael mentioned. Meaning, there's a central site and all other sites connect to that central site to communicate with the others. That evidently severely limits the available bandwidth and introduces a SPOF (Single Point Of Failure). Kind regards Noel Am 25.04.19 um 16:26 schrieb Marwan Khalili: > > How many sites / offices do you want to connect? > > It would be a limited amount of sites, we can assume that it will be between > 2 to 10 sites. > > > Do you want to be able to communicate any-to-any? Or only from anyone to a > >datacenter? > > We wish to communicate any-to-any. > > > What architecture do you like to implement? A hub/spoke system would be the > >easiest. > > We were thinking of having a server act as an intermediary which the > sites/hosts connect to. Perhaps this is what you meant by hub/spoke system? > > However, the architecture is not set in stone and we are open to any solution. > > > Med vänlig hälsning/Regards > > Marwan Khalili > Cell +46 704784722 > [email protected] > > EdgeGuide AB > S:t Eriksgatan 26, SE-112 39 Stockholm, Sweden > phone +46 84411690, fax +46 87204190 > edgeguide.com <http://www.edgeguide.com/> >
signature.asc
Description: OpenPGP digital signature
