Mesh Style VPN
Hi all,
My place of work is wanting to install an ER8411 router at the main site and have 3 other sites (Shed, Town 1, Town 2) VPN to the main site but also be able to mesh between each other in the event a link drops somewhere. I know a hub and spoke design is possible pretty easily.
Is it possible to do this mesh style VPN with ER605s at the other sites? I've not found anything in my research. I may be searching for the wrong information though.
Any help is appreciated.
Hi @Reaper_1994
Thanks for posting in our business forum.
That'll be IPsec site-to-site VPN. You gotta create multiple ones to map your whole network.
Doable. But we don't have instructions for this. You can refer to the site-to-site setup. It's the same, but done multiple times, creating the tunnels between the sites.
I'd recommend you do this with a map on your end. So you know which two sites have been connected.
Connecting Three VPN Routers of Different Geographic Locations Using IPSec VPN
You have to manually mesh the sites with IPsec VPNs, so for 4 sites, you have 6 tunnels (think of a square plus two diagonals):
SiteA--SiteB (VPN tunnel1)
SiteA--SiteC (VPN tunnel2)
SiteA--SiteD (VPN tunnel3)
SiteB--SiteC (VPN tunnel4)
SiteB--SiteD (VPN tunnel5)
SiteC--SiteD (VPN tunnel6)
You also have to add some routing, either dynamic via protocol, or static via fixed weights on each route. Let's look at SiteA trying to reach SiteC:
Site C:
SiteA-SiteC is already taken care of directly when the tunnel is up.
You would likely prefer one path over another, so let's say A-B is a better link than A-D, so now
Route SiteC via SiteB weight 10
Route SiteC via SiteD weight 20
You need to repeat this pair of routes for each possible destination site from SiteA:
Site B:
Route SiteB (tunnel takes care of)
Route SiteB via SiteC weight 10 (preferred). A-C-B
Route SiteB via SiteD weight 20 (backup). A-D-B
and again for Site D:
That way if say the A-C link is broken, you can go ABC (preferred) or ADC (backup)
AFAIK, there is no auto-magic version of this in Omada today.
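The tunnel map and weighted backup routes described in the reply above, as an added planning sketch (not part of the original post and not an Omada tool). The link costs and helper names are assumptions made for illustration, and the model assumes a router withdraws a static route only when its own tunnel to that next hop is down.

```python
from itertools import combinations

SITES = ["SiteA", "SiteB", "SiteC", "SiteD"]  # site names as used in the post
# Assumed link quality seen from SiteA (lower is better): A-B best, then A-C, then A-D.
COST = {frozenset(p): 1 for p in combinations(SITES, 2)}
COST[frozenset({"SiteA", "SiteC"})] = 2
COST[frozenset({"SiteA", "SiteD"})] = 3

def link(a, b):
    return frozenset({a, b})

def tunnels(sites):
    """Full mesh: one site-to-site tunnel per unordered pair, n*(n-1)/2 in total."""
    return [link(a, b) for a, b in combinations(sites, 2)]

def backup_routes(src, sites=SITES, cost=COST):
    """Per destination: (transit site, weight) pairs, best first-hop link gets weight 10."""
    table = {}
    for dst in sites:
        if dst == src:
            continue
        transits = sorted((t for t in sites if t not in (src, dst)),
                          key=lambda t: cost[link(src, t)])
        table[dst] = [(t, 10 * (i + 1)) for i, t in enumerate(transits)]
    return table

def path(src, dst, down=()):
    """Hops src would use, judging only by the state of its own tunnels."""
    down = {frozenset(d) for d in down}
    if link(src, dst) not in down:
        return [src, dst]                      # direct tunnel is up
    for transit, _weight in backup_routes(src)[dst]:
        if link(src, transit) not in down:     # lowest-weight route whose tunnel is up
            return [src, transit, dst]
    return None                                # src is cut off from every peer

def delivered(hops, down=()):
    """True only if every tunnel along the chosen hops is actually up."""
    down = {frozenset(d) for d in down}
    return hops is not None and all(link(a, b) not in down for a, b in zip(hops, hops[1:]))

if __name__ == "__main__":
    print(len(tunnels(SITES)), "tunnels")
    for dst, routes in backup_routes("SiteA").items():
        print(dst, routes)
    print(path("SiteA", "SiteC", down=[("SiteA", "SiteC")]))
```

`delivered()` returns False when A-C and B-C are both down: SiteA still sends via SiteB because its own A-B tunnel is up, which is the case fixed weights alone do not cover.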
@Clive_A Thank you Clive!
By just doing the site-to-site VPNs, say the link between Site A and Site B was to go down, would traffic be able to route from Site A through Site C to get to Site B?
say the link between site A and Site B was to go down, would traffic be able to route from Site A through Site C to get to Site B?
But in reality, once the VPN is configured, what can cause the link from A to B to go down? Only an internet failure, in which case the link from A to C is down as well!
@MisterW
But in reality, once the VPN is configured, what can cause the link from A to B to go down? Only an internet failure, in which case the link from A to C is down as well!
There aren't many, or any, reasons a site-to-site VPN should drop; however, I would like to ensure there is a failover/backup option available in the event it ever did, to ensure there is little to no downtime.
I just read your other reply too. Thank you!
So setting up static routes in the other sites is recommended to ensure there is a backup route. That's great to know as I was unsure what would have been required.