Hi,

On Thu, Feb 26, 2015 at 10:42:05AM -0700, Shawn Heisey wrote:
> I managed to not send this to the list, only to Michael.  Resending.
> 
> It won't be over the Internet.  All the machines that will participate
> are on the same LAN segment and the same IP subnet.  I want to maintain
> that unencrypted communication with the existing addresses, but add
> another subnet.  Every machine will have a static address on that new
> subnet, and if any of those machines talks to another machine on one of
> those alternate addresses, the communication must be encrypted.

Oh.  Misunderstood that part of the original description.

Well, in that case, you have no "host<->router<-internet->router<->host"
setup that you'd use for classic site-to-site connectivity (and traffic
between "host" and "router" would be unencrypted anyway).

You could do this with OpenVPN, but it would incur n^2 tunnels to 
interconnect n machines, so you don't want that.

Basically, you really don't want that :-) - but it might indeed be easier
to use IPSEC in transport mode here, as the deployment model of IPSEC
("set up a list of rules for communication endpoints, magic happens")
is more suited to this than the explicit nature of OpenVPN tunnels
("tunnel from *here* to *there*, these IP addresses in *this* tunnel, 
...").

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de
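
Added example, not part of the original message: a short Python sketch contrasting the two deployment models described above, explicit per-pair tunnels (n*(n-1)/2 of them, so on the order of n^2) versus one subnet-wide IPsec transport-mode policy that is identical on every host. The subnet 10.99.0.0/24, the host addresses and the function names are constructed for illustration; the policy lines use setkey(8) syntax, and keying (an IKE daemon and its credentials) is assumed and not shown.

```python
from ipaddress import ip_address, ip_network
from itertools import combinations

# Constructed sample values: the added "encrypted" subnet and five static hosts.
SECURE_NET = ip_network("10.99.0.0/24")
HOSTS = [SECURE_NET[i] for i in range(11, 16)]


def mesh_tunnels(hosts):
    """Explicit point-to-point tunnels for a full mesh: one per host pair."""
    return list(combinations(sorted(hosts), 2))


def transport_policy(net):
    """Per-host SPD rules in setkey(8) syntax; the same two lines on every host.

    Keying (an IKE daemon and its credentials) is assumed and not shown.
    """
    rule = "spdadd {n} {n} any -P {d} ipsec esp/transport//require;"
    return [rule.format(n=net, d=direction) for direction in ("out", "in")]


def cost_of_adding(new_host, hosts, net):
    """What changes on the existing machines when one more host joins."""
    new_host = ip_address(new_host)
    return {
        # Tunnel model: every existing host needs a new tunnel definition.
        "new_tunnels": [(h, new_host) for h in sorted(hosts)],
        # Policy model: existing rules already match if the host is in the subnet.
        "policy_already_covers": new_host in net,
    }


if __name__ == "__main__":
    pairs = mesh_tunnels(HOSTS)
    print(f"{len(HOSTS)} hosts -> {len(pairs)} explicit tunnels (n*(n-1)/2)")
    print("\n".join(transport_policy(SECURE_NET)))
    print(cost_of_adding("10.99.0.16", HOSTS, SECURE_NET))
```

Because the policy requires ESP only between addresses inside the new subnet, traffic between the existing addresses is not matched and stays unencrypted.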


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
