On 21/07/19 21:57, Toussaint OTTAVI via 44Net wrote:
> Of course, I may still continue using Shorewall when others may prefer pfSense. But if we manage to agree on a common VPN technology (L2TP? OpenVPN? IPSec? etc...) and routing infrastructure (iBGP already works on HamNet; should we keep it for internal routing, or can we improve it, f/ex with something handling link priority and weight?), that would be great.

From my point of view, any interconnection technology that requires going through a third point (e.g. external OpenVPN server) likely won't fly with me. Odds are that any such interconnection is going to be a long way from here and add unacceptable latency. Ideally, where direct connections are possible, a mesh topology, like the current IPIP mesh, is what I'd like to see, regardless of underlying technology. Obviously, there will be corner cases, such as endpoints stuck behind CGNAT, which may require a relay point external to them. For me, I'd rather beat my router into submission and get that direct connection (like I have with IPIP). ;)
As for routing, I'm open to options (and learning). :)