40? No more 100?
Easy enough: Set up 40 Site2Site VPNs…
Each needs to be “individual”, not sharing certs or shared secrets!
40 VPNs? About a day's work. Better to make a list first, with IPs, Shared Secrets and whatever else is needed…
Then sit down in front of your favorite workstation or notebook, and configure one after the other.
Be sure to take breaks in between, otherwise errors accumulate…
I have a similar task in front of me the next couple of weeks. Need to migrate the big firewall from pfSense to OPNsense. Even as a fork of the other, the config files are very similar, yet too different…
There are about 50 RoadWarrior VPNs alone on that box, and all NEED to use different Certs…
And there are three failover/load balancing Internet Connections, to make things a little harder…
I have interconnected 10 sites - not using hub and spoke, but each site connected to every other directly… About 100 VPNs… All Sites had low bandwidth (upload), so no central hub…
A lot of work, not much margin for error, but doable, and my client is paying for a top job, so that’s what he gets!!!
My 2 cents
Andy
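
The list-first approach from the post above, as an added example that is not part of the original post: it builds one row per tunnel with its own generated shared secret, for either one site connected to 40 peers or every site connected to every other, and audits a finished list for secrets that were copied between tunnels. The site names and function names are made up for illustration.

```python
import itertools
import secrets
from collections import defaultdict

def hub_pairs(hub, peers):
    """One site-to-site tunnel from a central box to each peer."""
    return [(hub, peer) for peer in peers]

def mesh_pairs(sites):
    """Every site connected to every other directly: one tunnel per pair."""
    return list(itertools.combinations(sites, 2))

def build_plan(pairs, psk_bytes=32):
    """One row per tunnel, each with its own randomly generated secret."""
    return [
        {"tunnel": f"{a}--{b}", "local": a, "remote": b,
         "psk": secrets.token_urlsafe(psk_bytes)}
        for a, b in pairs
    ]

def find_reused_secrets(plan):
    """Return groups of tunnel names that share the same secret."""
    by_psk = defaultdict(list)
    for row in plan:
        by_psk[row["psk"]].append(row["tunnel"])
    return sorted(names for names in by_psk.values() if len(names) > 1)

if __name__ == "__main__":
    # Constructed sample sites, not taken from the post.
    peers = [f"site{i:02d}" for i in range(1, 41)]
    plan = build_plan(hub_pairs("hq", peers))
    print(len(plan), "tunnels, reused secrets:", find_reused_secrets(plan))

    mesh = build_plan(mesh_pairs([f"site{i:02d}" for i in range(1, 11)]))
    # Each tunnel is configured on both ends.
    print(len(mesh), "mesh tunnels,", 2 * len(mesh), "endpoint configurations")

    # Simulate a copy-paste slip while typing the configs in by hand.
    plan[7]["psk"] = plan[3]["psk"]
    print("after slip:", find_reused_secrets(plan))
```

The resulting sheet contains every secret in plaintext, so it needs the same protection as the firewall configuration itself.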