Are these windows machines? .. configure IPSEC policies to do what you want (locally, on the machines). If they are a mix of windows/linux or all *nix you can do it with policy based routing and IKE demon of whatever flavor you like.
Also consider just setting up "opportunistic IPSEC" if you have the ability to configure DNS for it. -Mike. ________________________________________ From: Shawn Heisey <elyog...@elyograg.org> Sent: Thursday, February 26, 2015 12:42 PM To: openvpn-users@lists.sourceforge.net Subject: Re: [Openvpn-users] Bridging config - can't find an understandable HOWTO On 2/26/2015 8:18 AM, Michael O Holstein wrote: >> I'm looking for encryption that's completely transparent to programs, will >> work properly across multiple servers with IP multicast > > Then what you want is IPSEC. > > OpenVPN has it's advantages, but SSL vpn is designed primarily for remote > access, where you want the granular control over user access. When you want > to transparently connect two sites over the Internet you use IPSEC. I managed to not send this to the list, only to Michael. Resending. It won't be over the Internet. All the machines that will participate are on the same LAN segment and the same IP subnet. I want to maintain that unencrypted communication with the existing addresses, but add another subnet. Every machine will have a static address on that new subnet, and if any of those machines talks to another machine on one of those alternate addresses, the communication must be encrypted. I don't care whether the technology is SSL VPN, IPSEC, or something else. I just want everything to be fully automated and fault tolerant so that if one of the machines were to die, the encrypted communication between the other machines will still work. Thanks, Shawn ------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users ------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
