Consulting: IPSec VPNs to multiple customer networks
Hi All,

We are looking for any network consultant/company who can assist with the following. Replies off-list please :)

We have several customers who we have established site-to-site IPSec VPN tunnels with to provide them with remote support (I hate this concept but I have to go with it). Some of these connections are just single sites with a single network, others are to a customer's head office with multiple sites/networks behind. As we onboard more customers, terminating all of these VPNs onto our office firewall/router is becoming a headache. We regularly make changes to our firewall/routing and frequently run into issues affecting the VPN tunnels. We also have complex NATing for customers that have overlapping subnets.

I want to remove our office firewall/router as the terminating endpoint of these VPN tunnels. My thought is to build a 'hub and spoke' topology, using a centralised hub router to terminate all of the customer VPN tunnels, and our office then also becoming a spoke. Now changes to my office network have no impact on the VPN setup, and vice-versa.

If this is something you, your company or someone you can refer has experience in, I would very much like to hear from you. If you have had this problem in the past and have any other clever solutions, I would also love to hear from you!

Happy long weekend!

-- Thanks Christoph Berthoud
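The overlapping-subnet problem described in the post above can be planned before any tunnel is moved to a hub. The following is an added example, not part of the original post or of any product mentioned in the thread: it finds which customer and office networks clash and assigns each one a unique, same-size 1:1 NAT block at the hub. The site names, subnets and the `100.64.0.0/12` pool are hypothetical and IPv4 is assumed.

```python
import ipaddress

def find_overlaps(sites):
    """Return every (owner, network) whose range clashes with another owner's."""
    nets = [(owner, ipaddress.ip_network(cidr))
            for owner, cidrs in sites.items() for cidr in cidrs]
    clashing = set()
    for i, (o1, n1) in enumerate(nets):
        for o2, n2 in nets[i + 1:]:
            if o1 != o2 and n1.overlaps(n2):
                clashing.update({(o1, n1), (o2, n2)})
    return clashing

def plan_hub_nat(sites, pool_cidr):
    """Give each clashing network a unique same-size block from the hub pool."""
    pool = ipaddress.ip_network(pool_cidr)
    for cidrs in sites.values():
        for cidr in cidrs:
            if pool.overlaps(ipaddress.ip_network(cidr)):
                raise ValueError(f"NAT pool {pool} collides with real network {cidr}")
    cursor, plan = int(pool.network_address), {}
    # Largest blocks first, so each allocation stays aligned to its own size.
    order = sorted(find_overlaps(sites),
                   key=lambda p: (p[1].prefixlen, int(p[1].network_address), p[0]))
    for owner, net in order:
        size = net.num_addresses
        cursor = -(-cursor // size) * size  # round up to block alignment
        mapped = ipaddress.ip_network((cursor, net.prefixlen))
        if not mapped.subnet_of(pool):
            raise ValueError(f"NAT pool {pool} exhausted at {owner} {net}")
        plan[(owner, str(net))] = str(mapped)
        cursor += size
    return plan

def translate(host, real_cidr, mapped_cidr):
    """1:1 translation: keep the host offset, swap the network part."""
    real, mapped = ipaddress.ip_network(real_cidr), ipaddress.ip_network(mapped_cidr)
    offset = int(ipaddress.ip_address(host)) - int(real.network_address)
    if not 0 <= offset < real.num_addresses:
        raise ValueError(f"{host} is not inside {real}")
    return str(mapped.network_address + offset)

# Constructed sample data: names, subnets and the pool are all hypothetical.
SITES = {"office": ["192.168.1.0/24"],
         "customer-a": ["192.168.1.0/24", "10.10.0.0/16"],
         "customer-b": ["10.10.20.0/24"],
         "customer-c": ["172.16.5.0/24"]}
HUB_POOL = "100.64.0.0/12"

if __name__ == "__main__":
    for (owner, real), mapped in plan_hub_nat(SITES, HUB_POOL).items():
        print(f"{owner:<11} {real:<16} -> {mapped}")
```

Networks that clash with nothing (here `customer-c`) are left untranslated, so only the colliding ranges need NAT rules on the hub.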
Have a look at Softether-VPN; it does everything you need, and supports
IPSEC and several other VPNs in one nice portable daemon.
On 1 June 2016 at 19:07, Christoph Berthoud
Hi All,
We are looking for any network consultant/company who can assist with the following. Replies off-list please :)
We have several customers who we have established site-to-site IPSec VPN tunnels with to provide them with remote support (I hate this concept but I have to go with it). Some of these connections are just single sites with a single network, others are to a customer's head office with multiple sites/networks behind. As we onboard more customers, terminating all of these VPNs onto our office firewall/router is becoming a headache. We regularly make changes to our firewall/routing and frequently run into issues affecting the VPN tunnels. We also have complex NATing for customers that have overlapping subnets.
I want to remove our office firewall/router as the terminating endpoint of these VPN tunnels. My thought is to build a 'hub and spoke' topology, using a centralised hub router to terminate all of the customer VPN tunnels, and our office then also becoming a spoke. Now changes to my office network have no impact on the VPN setup, and vice-versa.
If this is something you, your company or someone you can refer has experience in, I would very much like to hear from you. If you have had this problem in the past and have any other clever solutions, I would also love to hear from you!
Happy long weekend!
-- Thanks Christoph Berthoud
_______________________________________________
NZNOG mailing list
NZNOG(a)list.waikato.ac.nz
https://list.waikato.ac.nz/mailman/listinfo/nznog
participants (2): Christoph Berthoud, Joel Wirāmu Pauling