[GRLUG] OpenSWAN, LINUX, & VRF [Was: VPN Help]

Clute, Darrel darrel at darrelclute.net
Sun Aug 4 20:27:21 EDT 2013


Adam,

Take a look at kernel namespaces, specifically the network portions.  This
is being used by Linux containers, OpenStack and OpenShift for example to
provide isolation, beyond just networking.  On mobile otherwise I'd provide
URLs.

Sincerely,

Darrel Clute
On Aug 4, 2013 6:03 PM, "Adam Tauno Williams" <awilliam at whitemice.org>
wrote:

> On Sun, 2013-08-04 at 18:54 -0400, Greg Folkert wrote:
> > I replaced a CISCO something or other with an 850MHz PIII "Network
> > Blazer" 1U machine in mid-2007. I had 15 B-to-B VPNs going to it from
> > many disparate systems. All of them worked with OpenSWAN even back then,
> > mainly because of the wonderful documentation they still have. It has
> > one thing bad about it, it was information dense and tough for the
> > uninitiated to understand. But read through it 5 or 6 times and it
> > should just click.
>
> I haven't looked in awhile; but is there a LINUX / iptables equivalent
> to VRF [Virtual Router Framework]?  Which allows the LINUX kernel to
> host multiple independent routing tables assigned to grouped/labeled
> interfaces?
>
> A quick scan of the interwebz finds <http://linux-vrf.sourceforge.net/>
> which smells experimental [but at least reasonably current].
>
> Perhaps the kernel has something similar under a different name?
>
> VRF makes configuration of tunnels and security zones dramatically
> simpler.
>
>
> _______________________________________________
> grlug mailing list
> grlug at grlug.org
> http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shinobu.grlug.org/pipermail/grlug/attachments/20130804/a22a57e8/attachment.html>


More information about the grlug mailing list