Hub & Multi-Spoke VPN - allow communication between spokes?
-
I currently have a hub and spoke ipsec vpn set up with communication working only from each spoke to the hub not the other spokes. I would like to have the spokes communicate with each other with out destroying the current configuration and moving to a mesh (tinc) but id be open to some feedback on the benefits of tinc over my current configuration so maybe in the future I will migrate to that.
I have read that adding another phase 2 to the spoke I wish to communicate with then repeat that on the other spoke will accomplish this but I have been unsuccessful getting that to work. Do I need to add another phase 2 to the each spoke in the hub as well? I have 7 spokes and it seems like to get them to communicate will be a lot of phase 2 entries…
Here is my current vpn
Hub
10.0.1.0/24Spokes
10.0.2-8.0/24Let me know if what I want to accomplish with what I have set up is feasible.
-
Since you cannot create static routes over IPsec, you need to add Phase2 entries linking the remote and local subnets, on every spoke.
Yes, they will be a lot. If you want full connectivity you will need 8 Phase2's on each spoke.
Best regards!
-
OpenVPN makes it easier.
-
OpenVPN makes it easier.
Do you have an example of this setup or some kind of a guide? I've been trying to get my open vpn setup this way but cannot get more than 1 site to connect to the server successfully.
-
