[strongSwan] Need advice on how to connect multiple sites and hosts to a VPN

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Thu Apr 25 16:53:19 CEST 2019


Hello,

That's perfectly feasible with strongSwan. Details would need to be discussed in particular, e.g. regarding any needed ACLs.
It's possible to build a dynamic fully meshed network using an OpenNHRP-compatible patched version of strongSwan. It requires some extra care though,
because it's evidently not maintained by upstream, but by Timo Teras of Alpine Linux.

The currently possible solution is either a manually configured mesh or a hub-spoke model, like Michael mentioned.
Meaning, there's a central site and all other sites connect to that central site to communicate with the others.
That evidently severely limits the available bandwidth and introduces a SPOF (Single Point Of Failure).

Kind regards

Noel

On 25.04.19 at 16:26, Marwan Khalili wrote:
> > How many sites / offices do you want to connect?
>
> It would be a limited number of sites, we can assume that it will be between 2 and 10 sites.
>
> > Do you want to be able to communicate any-to-any? Or only from anyone to a datacenter?
>
> We wish to communicate any-to-any.
>
> > What architecture do you like to implement? A hub/spoke system would be the easiest.
>
> We were thinking of having a server act as an intermediary which the sites/hosts connect to. Perhaps this is what you meant by hub/spoke system?
>
> However, the architecture is not set in stone and we are open to any solution.
>
>
> Med vänlig hälsning/Regards
>
> Marwan Khalili
> Cell +46 704784722
> marwan.khalili at edgeguide.com
>
> EdgeGuide AB
> S:t Eriksgatan 26, SE-112 39 Stockholm, Sweden
> phone +46 84411690, fax +46 87204190 
> edgeguide.com <http://www.edgeguide.com/>
>
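
The manually configured mesh mentioned in the reply above, sketched as an added example that is not part of the original message or of the strongSwan project: a generator that emits the swanctl.conf `connections` section each gateway would need. Site names, addresses, subnets, identities and certificate file names are constructed assumptions.

```python
from itertools import combinations

# Constructed sample sites (assumptions): name -> (public gateway address, LAN subnet)
SITES = {
    "stockholm": ("192.0.2.1", "10.1.0.0/16"),
    "berlin": ("198.51.100.1", "10.2.0.0/16"),
    "vienna": ("203.0.113.1", "10.3.0.0/16"),
}

def mesh_pairs(sites):
    """Every unordered site pair; a full mesh needs n*(n-1)/2 tunnels."""
    return list(combinations(sorted(sites), 2))

def connection(local, peer, sites):
    """One site-to-site IKEv2 connection from `local` to `peer`, certificate auth."""
    l_addr, l_net = sites[local]
    p_addr, p_net = sites[peer]
    return f"""  {local}-{peer} {{
    version = 2
    local_addrs = {l_addr}
    remote_addrs = {p_addr}
    local {{
      auth = pubkey
      certs = {local}.pem
      id = {local}.example.net
    }}
    remote {{
      auth = pubkey
      id = {peer}.example.net
    }}
    children {{
      {peer}-net {{
        local_ts = {l_net}
        remote_ts = {p_net}
        start_action = trap
      }}
    }}
  }}
"""

def site_config(local, sites):
    """The 'connections' section for one gateway: one entry per other site."""
    peers = [p for p in sorted(sites) if p != local]
    return "connections {\n" + "".join(connection(local, p, sites) for p in peers) + "}\n"

if __name__ == "__main__":
    print(f"{len(mesh_pairs(SITES))} tunnels for {len(SITES)} sites")
    print(site_config("stockholm", SITES))
```

At the upper end of the 2 to 10 sites discussed here, this comes to 45 tunnels in total and 9 connections on every gateway, which is the bookkeeping a hub-spoke layout avoids at the cost of the central bottleneck.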
