Differences

This shows you the differences between two versions of the page.

--- documentation:examples:validating_openvpn_s_low-latency_servers_selection_patch [2017/07/07 00:26] – external edit 127.0.0.1
+++ documentation:examples:validating_openvpn_s_low-latency_servers_selection_patch [2020/10/06 00:55] – [R1: OpenVPN client] olivier
@@ Line 17: / Line 17: @@
 <code>
 root@lab:~ # /tools/BSDRP-lab-bhyve.sh -i BSDRP-1.591-full-amd64-vga.img.xz -n 5 -l 1
-vmm module not loaded. Loading it...
-if_tap module not loaded. Loading it...
 BSD Router Project (http://bsdrp.net) - bhyve full-meshed lab script
 Setting-up a virtual lab with 5 VM(s):
-- Working directory: /tmp/BSDRP
+- Working directory: /root/BSDRP-VMs
-- Each VM have 1 core(s) and 256M RAM
+- Each VM has a total of 1 (1 cores and 1 threads) and 512M RAM
+- Emulated NIC: virtio-net
 - Switch mode: bridge + tap
 - 1 LAN(s) between all VM
@@ Line 67: / Line 66: @@
 <code>
-sysrc hostname=R1
+sysrc hostname=R1 \
-sysrc ifconfig_em0="inet 10.0.1.1/24"
+  ifconfig_vtnet0="inet 10.0.1.1/24" \
-sysrc ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
+  ifconfig_vnet0_ipv6="inet6 2001:db8:1::1 prefixlen 64" \
-sysrc ifconfig_em3="inet 192.168.15.1/24"
+  ifconfig_vtnet3="inet 192.168.15.1/24" \
-sysrc ifconfig_em3_ipv6="inet6 2001:db8:15::1 prefixlen 64"
+  ifconfig_vtnet3_ipv6="inet6 2001:db8:15::1 prefixlen 64" \
-sysrc defaultrouter=192.168.15.5
+  defaultrouter=192.168.15.5 \
-sysrc ipv6_defaultrouter=2001:db8:15::5
+  ipv6_defaultrouter=2001:db8:15::5
-ifconfig -l | grep -q vtnet && sed -i "" 's/em/vtnet/g' /etc/rc.conf
+service hostname restart
 service netif restart
 service routing restart
@@ Line 82: / Line 81: @@
 <code>
-sysrc hostname=R2
+sysrc hostname=R2 \
-sysrc ifconfig_em4="inet 10.0.2.2/24"
+  ifconfig_vtnet4="inet 10.0.2.2/24" \
-sysrc ifconfig_em4_ipv6="inet6 2001:db8:2::2 prefixlen 64"
+  ifconfig_vtnet4_ipv6="inet6 2001:db8:2::2 prefixlen 64" \
-sysrc ifconfig_em3="inet 192.168.25.2/24"
+  ifconfig_vtnet3="inet 192.168.25.2/24" \
-sysrc ifconfig_em3_ipv6="inet6 2001:db8:25::2 prefixlen 64"
+  ifconfig_vtnet3_ipv6="inet6 2001:db8:25::2 prefixlen 64" \
-sysrc defaultrouter="192.168.25.5"
+  defaultrouter="192.168.25.5" \
-sysrc ipv6_defaultrouter="2001:db8:25::5"
+  ipv6_defaultrouter="2001:db8:25::5"
-ifconfig -l | grep -q vtnet && sed -i "" 's/em/vtnet/g' /etc/rc.conf
+service hostname restart
 service netif restart
 service routing restart
@@ Line 98: / Line 97: @@
 <code>
-sysrc hostname=R3
+sysrc hostname=R3 \
-sysrc ifconfig_em4="inet 10.0.2.3/24"
+  ifconfig_vtnet4="inet 10.0.2.3/24" \
-sysrc ifconfig_em4_ipv6="inet6 2001:db8:2::3 prefixlen 64"
+  ifconfig_vtnet4_ipv6="inet6 2001:db8:2::3 prefixlen 64" \
-sysrc ifconfig_em3="inet 192.168.35.3/24"
+  ifconfig_vtnet3="inet 192.168.35.3/24" \
-sysrc ifconfig_em3_ipv6="inet6 2001:db8:35::3 prefixlen 64"
+  ifconfig_vtnet3_ipv6="inet6 2001:db8:35::3 prefixlen 64" \
-sysrc defaultrouter="192.168.35.5"
+  defaultrouter="192.168.35.5" \
-sysrc ipv6_defaultrouter="2001:db8:35::5"
+  ipv6_defaultrouter="2001:db8:35::5"
-ifconfig -l | grep -q vtnet && sed -i "" 's/em/vtnet/g' /etc/rc.conf
+service hostname restart
 service netif restart
 service routing restart
@@ Line 116: / Line 115: @@
 <code>
-sysrc hostname=R4
+sysrc hostname=R4 \
-sysrc ifconfig_em4="inet 10.0.2.4/24"
+  ifconfig_vtnet4="inet 10.0.2.4/24" \
-sysrc ifconfig_em4_ipv6="inet6 2001:db8:2::4 prefixlen 64"
+  ifconfig_vtnet4_ipv6="inet6 2001:db8:2::4 prefixlen 64" \
-sysrc ifconfig_em3="inet 192.168.45.4/24"
+  ifconfig_vtnet3="inet 192.168.45.4/24" \
-sysrc ifconfig_em3_ipv6="inet6 2001:db8:45::4 prefixlen 64"
+  ifconfig_vtnet3_ipv6="inet6 2001:db8:45::4 prefixlen 64" \
-sysrc defaultrouter="192.168.45.5"
+  defaultrouter="192.168.45.5" \
-sysrc ipv6_defaultrouter="2001:db8:45::5"
+  ipv6_defaultrouter="2001:db8:45::5"
-ifconfig -l | grep -q vtnet && sed -i "" 's/em/vtnet/g' /etc/rc.conf
+service hostname restart
 service netif restart
 service routing restart
@@ Line 134: / Line 133: @@
 <code>
-sysrc hostname=R5
+sysrc hostname=R5 \
-sysrc ifconfig_em0="inet 192.168.15.5/24"
+  ifconfig_vtnet0="inet 192.168.15.5/24" \
-sysrc ifconfig_em1="inet 192.168.25.5/24"
+  ifconfig_vtnet1="inet 192.168.25.5/24" \
-sysrc ifconfig_em2="inet 192.168.35.5/24"
+  ifconfig_vtnet2="inet 192.168.35.5/24" \
-sysrc ifconfig_em3="inet 192.168.45.5/24"
+  ifconfig_vtnet3="inet 192.168.45.5/24" \
-sysrc ifconfig_em0_ipv6="inet6 2001:db8:15::5 prefixlen 64"
+  ifconfig_vtnet0_ipv6="inet6 2001:db8:15::5 prefixlen 64" \
-sysrc ifconfig_em1_ipv6="inet6 2001:db8:25::5 prefixlen 64"
+  ifconfig_vtnet1_ipv6="inet6 2001:db8:25::5 prefixlen 64" \
-sysrc ifconfig_em2_ipv6="inet6 2001:db8:35::5 prefixlen 64"
+  ifconfig_vtnet2_ipv6="inet6 2001:db8:35::5 prefixlen 64" \
-sysrc ifconfig_em3_ipv6="inet6 2001:db8:45::5 prefixlen 64"
+  ifconfig_vtnet3_ipv6="inet6 2001:db8:45::5 prefixlen 64" \
-sysrc firewall_enable=YES
+  firewall_enable=YES \
-sysrc firewall_script="/etc/ipfw.rules"
+  firewall_script="/etc/ipfw.rules"
-ifconfig -l | grep -q vtnet && sed -i "" 's/em/vtnet/g' /etc/rc.conf
 cat > /etc/ipfw.rules <<EOF
 #!/bin/sh
@@ Line 157: / Line 155: @@
 \${fwcmd} pipe 53 config delay 50ms
 \${fwcmd} pipe 35 config delay 50ms
-\${fwcmd} add pipe 25 all from any to any in via em1
+\${fwcmd} add pipe 25 all from any to any in via vtnet1
-\${fwcmd} add pipe 52 all from any to any out via em1
+\${fwcmd} add pipe 52 all from any to any out via vtnet1
-\${fwcmd} add pipe 35 all from any to any in via em2
+\${fwcmd} add pipe 35 all from any to any in via vtnet2
-\${fwcmd} add pipe 53 all from any to any out via em2
+\${fwcmd} add pipe 53 all from any to any out via vtnet2
 #We don't want to block traffic, only shape some
 \${fwcmd} add allow ip from any to any
 EOF
-ifconfig -l | grep -q vtnet && sed -i "" 's/em/vtnet/g' /etc/ipfw.rules
+service hostname restart
 service netif restart
 service routing restart
+service ipfw start
 config save
 </code>
@@ Line 184: / Line 183: @@
 Initialize PKI and generate a DH:
 <code>
+cd /usr/local/etc/easy-rsa
 easyrsa init-pki
 easyrsa gen-dh
@@ Line 258: / Line 258: @@
 Enable and start openvpn and sshd (we will get certificates files by SCP later):
 <code>
-sysrc sshd_enable=YES
+service openvpn enable
-sysrc openvpn_enable=YES
 service openvpn start
+service sshd enable
 service sshd start
 </code>
@@ Line 311: / Line 311: @@
 Enable and start openvpn:
 <code>
-sysrc openvpn_enable=YES
+service openvpn enable
 service openvpn start
 </code>
@@ Line 357: / Line 357: @@
 Enable and start openvpn:
 <code>
-sysrc openvpn_enable=YES
+service openvpn enable
 service openvpn start
 </code>
@@ Line 392: / Line 392: @@
 </code>
+Check the latency of each servers (200ms, 100ms and less than 1 ms):
+<code>
+[root@R1]~# ping -c 2 192.168.25.2
+PING 192.168.25.2 (192.168.25.2): 56 data bytes
+bytes from 192.168.25.2: icmp_seq=0 ttl=63 time=192.628 ms
+bytes from 192.168.25.2: icmp_seq=1 ttl=63 time=200.045 ms
+--- 192.168.25.2 ping statistics ---
+packets transmitted, 2 packets received, 0.0% packet loss
+round-trip min/avg/max/stddev = 192.628/196.336/200.045/3.708 ms
+[root@R1]~# ping -c 2 192.168.35.3
+PING 192.168.35.3 (192.168.35.3): 56 data bytes
+bytes from 192.168.35.3: icmp_seq=0 ttl=63 time=96.894 ms
+bytes from 192.168.35.3: icmp_seq=1 ttl=63 time=100.052 ms
+--- 192.168.35.3 ping statistics ---
+packets transmitted, 2 packets received, 0.0% packet loss
+round-trip min/avg/max/stddev = 96.894/98.473/100.052/1.579 ms
+[root@R1]~# ping -c 2 192.168.45.4
+PING 192.168.45.4 (192.168.45.4): 56 data bytes
+bytes from 192.168.45.4: icmp_seq=0 ttl=63 time=0.241 ms
+bytes from 192.168.45.4: icmp_seq=1 ttl=63 time=0.257 ms
+--- 192.168.45.4 ping statistics ---
+packets transmitted, 2 packets received, 0.0% packet loss
+round-trip min/avg/max/stddev = 0.241/0.249/0.257/0.008 ms
+</code>
 Enable and start openvpn:
 <code>
-sysrc openvpn_enable=YES
+service openvpn enable
 service openvpn start
 </code>