Date: Fri, 10 Feb 2012 10:12:35 -0500
Subject: Re: [gentoo-user] Recommended VPN Tunnel client?
From: Michael Mol
To: gentoo-user@lists.gentoo.org

On Thu, Feb 9, 2012 at 10:48 PM, Pandu Poluan wrote:
> Scenario: I have a server in the cloud that needs to connect to an internal
> server in the office. There are 2 incoming connections into my office, ISP
> "A" and ISP "B". The primary connection is A, but if A goes down, we can use
> B. The app running on the cloud server has no automatic failover ability
> (i.e., if A goes down, someone must change the app's conf to point to B).
>
> My thought: If I can make a tunnel from the server to the FortiGate firewall
> currently guarding the HQ, the cloud app can simply be configured to connect
> to the internal IP address of the internal server. No need to manually
> change the app's conf.
>
> The need: a VPN client that:
> + can selectively send packets fulfilling a criterion (in this case, dest= IP
> address of internal server)*
> + has automatic failover and failback ability
>
> *solutions involving iptables and iproute2 are also acceptable
>
> Can anyone point me in the right direction re: what package and the relevant
> howto?
>
> Thanks in advance.
>
> Rgds,

Not exactly what you're looking for, but this might help:

http://www.ntop.org/products/n2n/

That would set up reliable visibility on layer 2. You probably want to
employ something like 802.1x on top of it.

--
:wq