Managed to solve this using the hub-spoke model. If anyone would happen to
stumble upon this thread in need of further help, I found the following
strongSwan article useful:
https://wiki.strongswan.org/projects/strongswan/wiki/SubnetsBehindMoreThanTwoGateways.
As for using connmark, there

Hello,
Thank you for the advice! I am trying to puzzle out a few things:
For a fully meshed network, is it possible to connect two hosts without a
public IP (e.g. home PCs)? Or are we restricted to a partial mesh in that case?
For the hub-spoke model, I'm thinking that we either have one of

Hello,
That's perfectly feasible with strongSwan. Details would need to be discussed
in particular. E.g. regarding any needed ACLs.
It's possible to build a dynamic fully meshed network using an OpenNHRP
compatible patched version of strongSwan. It requires some extra care though,
because it's

> How many sites / offices do you want to connect?
It would be a limited number of sites, we can assume that it will be between 2
and 10 sites.
> Do you want to be able to communicate any-to-any? Or only from anyone to a
> datacenter?
We wish to communicate any-to-any.
> What architecture do

On 25.04.19 at 15:52, Marwan Khalili wrote:
> Hi,
>
> We currently have a host-to-site (roadwarrior) IKEv2 solution that we wish to
> expand further. Our clients are calling for a solution that allows multiple
> sites and hosts to connect to the same VPN.
>
> Example of a use case would be that

Hi,
We currently have a host-to-site (roadwarrior) IKEv2 solution that we wish to
expand further. Our clients are calling for a solution that allows multiple
sites and hosts to connect to the same VPN.
Example of a use case would be that a client has installed routers in various
offices and