From: Ken Bantoft (ken_at_freeswan.ca)
Date: Wed Sep 11 2002 - 14:26:11 CEST
On Wed, 11 Sep 2002, Anuradha Ratnaweera wrote:
>
> We need to establish multiple _simultaneous_ IPSec tunnels to many
> `servers' (please confirm if this is possible, at first place) and each
> server is then connected to a single file server (say F). Once this is
> done, we should be able to use any of the tunnels to reach F.
I don't believe this is possible, having > 1 eroute to the same
destination (can someone confirm/deny) as FreeS/WAN won't install the
route in the routing table for the 2nd, 3rd, 4th, etc... routes. You
might be able to hack the _updown scripts to use iproute2, and support
things like ECMP (Equal Cost Multipath) and other routing tricks to do
this, but it's not supported in a stock FreeS/WAN setup.
>
> Can we use routing features in the kernel to route different packets to
> go through different tunnels, as with normal network interfaces?
>
> app0 ---> kernel ---> ipsec0 ---> server0 --->F
> app1 ---> kernel ---> ipsec1 ---> server1 --->F
> ...
>
> Thanks in advance.
>
> Anuradha
>
>
--
Ken Bantoft The Unoffical FreeS/WAN Site:
ken_at_freeswan.ca http://www.freeswan.ca
PGP Key: finger ken_at_bantoft.org
"We can factor the number 15 with quantum computers. We
can also factor the number 15 with a dog trained to bark
three times." -- Robert Harley, 5/12/01, Sci.crypt
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.4 : Thu Sep 12 2002 - 05:20:02 CEST