On Fri, 19 Sep 2008 10:00:43 -0700, John Shepard wrote:
> Burkhard Ott wrote:
>>> On Tue, 16 Sep 2008 11:56:47 -0700, John Shepard wrote:
>>
>>> I'm trying to verify the max number of IPSEC tunnels that my OpenSuSE
>>> 10.3 box can support. Since I can't get hundreds of peer IPs, does any
>>> one have any recommendation(s) on how I might go about doing that?
>>
>> depends on your netmasks
>
> Can you please provide some more details?
> e.g., do I set up multiple logical IP addresses with different netmasks?
192.168.0.1/32 == 192.168.1.1/32 -> 1 tunnel, 1 host
192.168.0.0/24 == 192.168.1.0/24 -> 1 tunnel, 254 hosts
192.168.0.0/16 == 192.168.1.0/16 -> no tunnel; it doesn't work because of
routing, unless you set up host routes manually, but usually that isn't
what you want.
You can also mix tunnels:
192.168.0.1/32 == 10.0.0.0/24 -> 1 tunnel; 1 host can reach 254 hosts on
the one site and 254 hosts can reach 1 host on the other site.
If you don't use AH you're able to masquerade behind 192.168.0.1/32 etc.
It always depends on what you need.
> Since I'm on a private network, I can pretty much use any IP/netmask,
> though I prefer to be on a truly private 192.*/169.* etc. network.
You should use only RFC1918 IPs, because all traffic to a tunnel
endpoint will be encrypted.
cheers
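As an added illustration of the netmask rules in the reply above (this is not code from the thread or from any IPsec implementation), the following Python evaluates a local/remote selector pair the way the reply reasons about it: usable hosts per side, whether the two selectors overlap (the /16 case that "doesn't work" without host routes), and whether both sides sit in the three RFC 1918 blocks, which the script assumes from that RFC.

```python
"""Sanity-check IPsec traffic-selector pairs (local <-> remote subnets).

Constructed example: models the netmask rules from the mail, not a real
IPsec policy. Standard library only, runs offline.
"""
from ipaddress import ip_network

# The three RFC 1918 blocks, as the reply recommends for tunnel traffic.
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(net) -> bool:
    """True if the whole selector lies inside one RFC 1918 block."""
    return any(net.subnet_of(block) for block in RFC1918)


def usable_hosts(net) -> int:
    """Hosts reachable through a selector: 1 for a /32, 254 for a /24, ..."""
    if net.prefixlen >= 31:
        return net.num_addresses  # /32 = single host, /31 = point-to-point pair
    return net.num_addresses - 2  # drop network and broadcast addresses


def check_tunnel(local: str, remote: str) -> dict:
    """Evaluate one selector pair as in the mail's examples.

    strict=False accepts notations such as 192.168.1.0/16 (host bits set)
    and normalises them to the containing network.
    """
    lnet = ip_network(local, strict=False)
    rnet = ip_network(remote, strict=False)
    overlapping = lnet.overlaps(rnet)
    return {
        "local_hosts": usable_hosts(lnet),
        "remote_hosts": usable_hosts(rnet),
        # Overlapping selectors cannot be routed into a tunnel without
        # manual host routes, which is the /16 == /16 case in the mail.
        "routable": not overlapping,
        "rfc1918": is_rfc1918(lnet) and is_rfc1918(rnet),
    }


if __name__ == "__main__":
    # The four pairs from the reply, plus one non-private remote side.
    for pair in [("192.168.0.1/32", "192.168.1.1/32"),
                 ("192.168.0.0/24", "192.168.1.0/24"),
                 ("192.168.0.0/16", "192.168.1.0/16"),
                 ("192.168.0.1/32", "10.0.0.0/24"),
                 ("192.168.0.1/32", "203.0.113.0/24")]:
        print(pair, check_tunnel(*pair))
```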