[Spread-users] Tunnels
Theo Schlossnagle
jesus at omniti.com
Wed Jan 9 11:07:38 EST 2002
On Wednesday, January 9, 2002, at 10:46 AM, Jonathan Stanton wrote:
> Probably the best solution for private ip addresses with security today
> is
> to use IP in IP tunneling (maybe with IPSEC) between your routers on
> each
> private segment. That will appear to spread as if the segments are
> directly
> connected (the traffic will have the right source addresses) and IPSEC
> or
> equivelent provides the security. I thought the overhead of this was
> reasonable, but maybe this is the solution you are referring to below as
> being a lot of overhead.
Just as a note:
I have done this and it works like a charm. (IPSEC based VPN and the
route between machines crosses this virtual link).
Of course, I have the two segments as different segments in the Spread
configuration file and they are on different subnets and IP route
between. So the only (spread related) traffic that traverses the VPN is
point-to-point UDP.
--
Theo Schlossnagle
1024D/82844984/95FD 30F1 489E 4613 F22E 491A 7E88 364C 8284 4984
2047R/33131B65/71 F7 95 64 49 76 5D BA 3D 90 B9 9F BE 27 24 E7
More information about the Spread-users
mailing list