documentation:examples:validating_openvpn_s_low-latency_servers_selection_patch
Differences
documentation:examples:validating_openvpn_s_low-latency_servers_selection_patch [2020/10/05 16:47] – [Router 2] olivier | documentation:examples:validating_openvpn_s_low-latency_servers_selection_patch [2020/10/06 00:55] – [R1: OpenVPN client] olivier | ||
---|---|---|---|
Line 17: | Line 17: | ||
< | < | ||
root@lab:~ # / | root@lab:~ # / | ||
- | vmm module not loaded. Loading it... | ||
- | if_tap module not loaded. Loading it... | ||
BSD Router Project (http:// | BSD Router Project (http:// | ||
Setting-up a virtual lab with 5 VM(s): | Setting-up a virtual lab with 5 VM(s): | ||
- | - Working directory: /tmp/BSDRP | + | - Working directory: /root/BSDRP-VMs |
- | - Each VM have 1 core(s) and 256M RAM | + | - Each VM has a total of 1 (1 cores and 1 threads) and 512M RAM |
+ | - Emulated NIC: virtio-net | ||
- Switch mode: bridge + tap | - Switch mode: bridge + tap | ||
- 1 LAN(s) between all VM | - 1 LAN(s) between all VM | ||
Line 68: | Line 67: | ||
< | < | ||
sysrc hostname=R1 \ | sysrc hostname=R1 \ | ||
- | | + | |
- | | + | |
- | | + | |
- | | + | |
defaultrouter=192.168.15.5 \ | defaultrouter=192.168.15.5 \ | ||
- | ipv6_defaultrouter=2001: | + | ipv6_defaultrouter=2001: |
- | ifconfig -l | grep -q vtnet && sed -i "" | + | service hostname restart |
service netif restart | service netif restart | ||
service routing restart | service routing restart | ||
Line 82: | Line 81: | ||
< | < | ||
- | sysrc hostname=R2 | + | sysrc hostname=R2 |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
defaultrouter=" | defaultrouter=" | ||
ipv6_defaultrouter=" | ipv6_defaultrouter=" | ||
- | ifconfig -l | grep -q vtnet && sed -i "" | + | service hostname restart |
service netif restart | service netif restart | ||
service routing restart | service routing restart | ||
Line 98: | Line 97: | ||
< | < | ||
- | sysrc hostname=R3 | + | sysrc hostname=R3 |
- | sysrc ifconfig_em4="inet 10.0.2.3/ | + | |
- | sysrc ifconfig_em4_ipv6=" | + | |
- | sysrc ifconfig_em3="inet 192.168.35.3/ | + | |
- | sysrc ifconfig_em3_ipv6=" | + | |
- | sysrc defaultrouter=" | + | defaultrouter=" |
- | sysrc ipv6_defaultrouter=" | + | ipv6_defaultrouter=" |
- | ifconfig -l | grep -q vtnet && sed -i "" | + | service hostname restart |
service netif restart | service netif restart | ||
service routing restart | service routing restart | ||
Line 116: | Line 115: | ||
< | < | ||
- | sysrc hostname=R4 | + | sysrc hostname=R4 |
- | sysrc ifconfig_em4="inet 10.0.2.4/ | + | |
- | sysrc ifconfig_em4_ipv6=" | + | |
- | sysrc ifconfig_em3="inet 192.168.45.4/ | + | |
- | sysrc ifconfig_em3_ipv6=" | + | |
- | sysrc defaultrouter=" | + | defaultrouter=" |
- | sysrc ipv6_defaultrouter=" | + | ipv6_defaultrouter=" |
- | ifconfig -l | grep -q vtnet && sed -i "" | + | service hostname restart |
service netif restart | service netif restart | ||
service routing restart | service routing restart | ||
Line 134: | Line 133: | ||
< | < | ||
- | sysrc hostname=R5 | + | sysrc hostname=R5 |
- | sysrc ifconfig_em0="inet 192.168.15.5/ | + | |
- | sysrc ifconfig_em1="inet 192.168.25.5/ | + | |
- | sysrc ifconfig_em2="inet 192.168.35.5/ | + | |
- | sysrc ifconfig_em3="inet 192.168.45.5/ | + | |
- | sysrc ifconfig_em0_ipv6=" | + | |
- | sysrc ifconfig_em1_ipv6=" | + | |
- | sysrc ifconfig_em2_ipv6=" | + | |
- | sysrc ifconfig_em3_ipv6=" | + | |
- | sysrc firewall_enable=YES | + | firewall_enable=YES |
- | sysrc firewall_script="/ | + | firewall_script="/ |
- | ifconfig -l | grep -q vtnet && sed -i "" | + | |
cat > / | cat > / | ||
#!/bin/sh | #!/bin/sh | ||
Line 157: | Line 155: | ||
\${fwcmd} pipe 53 config delay 50ms | \${fwcmd} pipe 53 config delay 50ms | ||
\${fwcmd} pipe 35 config delay 50ms | \${fwcmd} pipe 35 config delay 50ms | ||
- | \${fwcmd} add pipe 25 all from any to any in via em1 | + | \${fwcmd} add pipe 25 all from any to any in via vtnet1 |
- | \${fwcmd} add pipe 52 all from any to any out via em1 | + | \${fwcmd} add pipe 52 all from any to any out via vtnet1 |
- | \${fwcmd} add pipe 35 all from any to any in via em2 | + | \${fwcmd} add pipe 35 all from any to any in via vtnet2 |
- | \${fwcmd} add pipe 53 all from any to any out via em2 | + | \${fwcmd} add pipe 53 all from any to any out via vtnet2 |
#We don't want to block traffic, only shape some | #We don't want to block traffic, only shape some | ||
\${fwcmd} add allow ip from any to any | \${fwcmd} add allow ip from any to any | ||
EOF | EOF | ||
- | ifconfig -l | grep -q vtnet && sed -i "" | + | service hostname restart |
service netif restart | service netif restart | ||
service routing restart | service routing restart | ||
+ | service ipfw start | ||
config save | config save | ||
</ | </ | ||
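Review bot: Nothing on the new side says that the shaping rules depend on the virtio-net NIC. They name `vtnet1` and `vtnet2` directly, and the old `ifconfig -l | grep -q vtnet && sed -i ""` adaptation line is dropped, so with any other emulated NIC the rules match no interface and the configured delays are silently not applied (ipfw accepts a rule naming an interface that does not exist). A sentence before the block, such as `These rules assume the vtnet interfaces created by the virtio-net NIC; check with ifconfig -l before applying them.`, would make the dependency visible. The closing `add allow ip from any to any` leaves R5 fully open, which suits an isolated lab, and a short remark that the script is lab-only would stop it being reused on a reachable host. The heredoc begins above this hunk, so the definitions of pipes 25 and 52 are not visible here.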
Line 184: | Line 183: | ||
Initialize PKI and generate a DH: | Initialize PKI and generate a DH: | ||
< | < | ||
+ | cd / | ||
easyrsa init-pki | easyrsa init-pki | ||
easyrsa gen-dh | easyrsa gen-dh | ||
Line 258: | Line 258: | ||
Enable and start openvpn and sshd (we will get certificates files by SCP later): | Enable and start openvpn and sshd (we will get certificates files by SCP later): | ||
< | < | ||
- | sysrc sshd_enable=YES | + | service openvpn enable |
- | sysrc openvpn_enable=YES | + | |
service openvpn start | service openvpn start | ||
+ | service sshd enable | ||
service sshd start | service sshd start | ||
</ | </ | ||
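Review bot: `service sshd enable` makes sshd persistent on this router only so that the certificate files can be fetched by SCP later, and nothing visible in this hunk turns it off again. If the page has no later step for that, consider adding `service sshd stop` and `service sshd disable` after the copy, or a sentence stating that sshd is left running for lab convenience. Either way the reader then knows the extra listening service is a deliberate, temporary choice rather than part of the OpenVPN setup itself.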
Line 311: | Line 311: | ||
Enable and start openvpn: | Enable and start openvpn: | ||
< | < | ||
- | sysrc openvpn_enable=YES | + | service openvpn enable |
service openvpn start | service openvpn start | ||
</ | </ | ||
Line 357: | Line 357: | ||
Enable and start openvpn: | Enable and start openvpn: | ||
< | < | ||
- | sysrc openvpn_enable=YES | + | service openvpn enable |
service openvpn start | service openvpn start | ||
</ | </ | ||
Line 392: | Line 392: | ||
</ | </ | ||
+ | Check the latency of each servers (200ms, 100ms and less than 1 ms): | ||
+ | < | ||
+ | [root@R1]~# ping -c 2 192.168.25.2 | ||
+ | PING 192.168.25.2 (192.168.25.2): | ||
+ | 64 bytes from 192.168.25.2: | ||
+ | 64 bytes from 192.168.25.2: | ||
+ | |||
+ | --- 192.168.25.2 ping statistics --- | ||
+ | 2 packets transmitted, | ||
+ | round-trip min/ | ||
+ | |||
+ | [root@R1]~# ping -c 2 192.168.35.3 | ||
+ | PING 192.168.35.3 (192.168.35.3): | ||
+ | 64 bytes from 192.168.35.3: | ||
+ | 64 bytes from 192.168.35.3: | ||
+ | |||
+ | --- 192.168.35.3 ping statistics --- | ||
+ | 2 packets transmitted, | ||
+ | round-trip min/ | ||
+ | |||
+ | [root@R1]~# ping -c 2 192.168.45.4 | ||
+ | PING 192.168.45.4 (192.168.45.4): | ||
+ | 64 bytes from 192.168.45.4: | ||
+ | 64 bytes from 192.168.45.4: | ||
+ | |||
+ | --- 192.168.45.4 ping statistics --- | ||
+ | 2 packets transmitted, | ||
+ | round-trip min/ | ||
+ | </ | ||
Enable and start openvpn: | Enable and start openvpn: | ||
< | < | ||
- | sysrc openvpn_enable=YES | + | service openvpn enable |
service openvpn start | service openvpn start | ||
</ | </ |
documentation/examples/validating_openvpn_s_low-latency_servers_selection_patch.txt · Last modified: 2020/10/06 00:58 by olivier