Looking for DMVPN implementation

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Looking for DMVPN implementation

J.Sauer
Hi OpenBSD community,

i'm looking for an OpenSource implementation of DMVPN (Dynamic Multipoint Virtual private network).

Currently i just found the draft (from 2013) :
https://tools.ietf.org/html/draft-detienne-dmvpn-00

Comming from Cisco and would be pleased to see it under OpenBSD.
http://www.cisco.com/c/dam/en/us/products/collateral/security/dynamic-multipoint-vpn-dmvpn/DMVPN_Overview.pdf

Hope i could get an advice in how to implement (use) it under OpenDSD.

Regards

Jens Sauer

Reply | Threaded
Open this post in threaded view
|

Re: Looking for DMVPN implementation

Remi Locherer
On Sat, Oct 01, 2016 at 10:44:02PM +0000, Jens Sauer wrote:

> Hi OpenBSD community,
>
> i'm looking for an OpenSource implementation of DMVPN (Dynamic Multipoint Virtual private network).
>
> Currently i just found the draft (from 2013) :
> https://tools.ietf.org/html/draft-detienne-dmvpn-00
>
> Comming from Cisco and would be pleased to see it under OpenBSD.
> http://www.cisco.com/c/dam/en/us/products/collateral/security/dynamic-multipoint-vpn-dmvpn/DMVPN_Overview.pdf
>
> Hope i could get an advice in how to implement (use) it under OpenDSD.

OpenBSD does not have support for mGRE and NHRP.

If you're not having hundreds of sites you want to connect you could set
up tunnels (gif or gre), protect it with ipsec and run a routing protocol
over that. It scales best if you automate it (I use ansible for this).

Remi

Reply | Threaded
Open this post in threaded view
|

Re: Looking for DMVPN implementation

Renato Westphal
In reply to this post by J.Sauer
2016-10-01 19:44 GMT-03:00 Jens Sauer <[hidden email]>:

> Hi OpenBSD community,
>
> i'm looking for an OpenSource implementation of DMVPN (Dynamic Multipoint Virtual private network).
>
> Currently i just found the draft (from 2013) :
> https://tools.ietf.org/html/draft-detienne-dmvpn-00
>
> Comming from Cisco and would be pleased to see it under OpenBSD.
> http://www.cisco.com/c/dam/en/us/products/collateral/security/dynamic-multipoint-vpn-dmvpn/DMVPN_Overview.pdf
>
> Hope i could get an advice in how to implement (use) it under OpenDSD.

Hi Jens,

I already started working on this in g2k16 and I should have something
to show in a few months. In the hackathon, claudio@ gave me some
pointers on how to add multipoint support in gre(4) and right now I'm
evaluating how to design nhrpd(8) in the best way possible (including
the integration with iked(8) - only IKEv2 will be supported).

I'll let you know when I have something ready.

Cheers,
--
Renato Westphal

Reply | Threaded
Open this post in threaded view
|

Re: Looking for DMVPN implementation

J.Sauer
Hi Renato,

i'm excited and cant wait to give it a try - thx so much

cheers

Jens Sauer




----- Urspr√ľngliche Message -----
Von: Renato Westphal <[hidden email]>
An: Jens Sauer <[hidden email]>
CC: "[hidden email]" <[hidden email]>
Gesendet: 17:27 Montag, 3.Oktober 2016
Betreff: Re: Looking for DMVPN implementation

2016-10-01 19:44 GMT-03:00 Jens Sauer <[hidden email]>:

> Hi OpenBSD community,
>
> i'm looking for an OpenSource implementation of DMVPN (Dynamic Multipoint
Virtual private network).
>
> Currently i just found the draft (from 2013) :
> https://tools.ietf.org/html/draft-detienne-dmvpn-00
>
> Comming from Cisco and would be pleased to see it under OpenBSD.
>
http://www.cisco.com/c/dam/en/us/products/collateral/security/dynamic-multipo
int-vpn-dmvpn/DMVPN_Overview.pdf
>
> Hope i could get an advice in how to implement (use) it under OpenDSD.

Hi Jens,

I already started working on this in g2k16 and I should have something
to show in a few months. In the hackathon, claudio@ gave me some
pointers on how to add multipoint support in gre(4) and right now I'm
evaluating how to design nhrpd(8) in the best way possible (including
the integration with iked(8) - only IKEv2 will be supported).

I'll let you know when I have something ready.

Cheers,
--
Renato Westphal