
RE: [Users] routing problem

From: Sam Sgro (sam_at_freeswan.org)
Date: Wed Jul 03 2002 - 16:17:57 CEST



On Tue, 2 Jul 2002 ipsec_at_empireenterprises.com wrote:

> It should be said that, depending on the amount of traffic, it is possibly
> cheaper to set up tunnels between all the gateways as opposed to going
> through the one.

I agree. You will waste more of your own bandwidth by requiring traffic for #3
be routed through #2. As well, this setup is less secure: anyone doing traffic
analysis of your sites would quickly realise that the encrypted message from 1
to 2 is similar in timing and size to the encrypted message from 2 to 3;
this actually opens you up to a plaintext attack.

However, there are some good reasons to employ hub topology, depending on how
many remote sites you have and/or if your ISP does silly routing tricks to get
you from #1 to #3.

Sam Sgro
sam_at_freeswan.org

> -----Original Message-----
> From: users-admin_at_lists.freeswan.org
> [mailto:users-admin_at_lists.freeswan.org]On Behalf Of Kuba Leszewski
> Sent: Tuesday, July 02, 2002 3:44 PM
> To: users_at_lists.freeswan.org
> Subject: [Users] routing problem
>
>
> Hi,
>
> I have the following situation:
>
>
> lan1 ---- ipsec gateway#1 -[ internet ] -- ipsec gateway#2 --- lan2
> ----- other gateway -----lan3
>
> Let's say that:
> lan1 is 172.25.1.0/24
> lan2 is 172.25.2.0/24
> lan3 is 172.25.3.0/24
>
> I can see lan1 from lan2 and vice versa.
> I can see lan2 from lan3 and vice versa.
>
> But I need access from lan1 to lan3.
>
> How do I tell ipsec gateway#1 to route packets to lan3 through the ipsec
> tunnel?
> I think it would do the job.
>
>
> regards
> Kuba
>
>
>
>
>
> _______________________________________________
> Users mailing list
> Users_at_lists.freeswan.org
> http://lists.freeswan.org/mailman/listinfo/users





This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:18 CEST