
documentation:examples:validating_openvpn_s_low-latency_servers_selection_patch

Differences

This shows you the differences between two versions of the page.

documentation:examples:validating_openvpn_s_low-latency_servers_selection_patch [2020/10/05 16:48] – [Router 5] olivierdocumentation:examples:validating_openvpn_s_low-latency_servers_selection_patch [2020/10/06 00:58] (current) – [Testing new remote-best-latency option] olivier
Line 17: Line 17:
 <code> <code>
 root@lab:~ # /tools/BSDRP-lab-bhyve.sh -i BSDRP-1.591-full-amd64-vga.img.xz -n 5 -l 1 root@lab:~ # /tools/BSDRP-lab-bhyve.sh -i BSDRP-1.591-full-amd64-vga.img.xz -n 5 -l 1
-vmm module not loaded. Loading it... 
-if_tap module not loaded. Loading it... 
 BSD Router Project (http://bsdrp.net) - bhyve full-meshed lab script BSD Router Project (http://bsdrp.net) - bhyve full-meshed lab script
 Setting-up a virtual lab with 5 VM(s): Setting-up a virtual lab with 5 VM(s):
-- Working directory: /tmp/BSDRP +- Working directory: /root/BSDRP-VMs 
-- Each VM have core(s) and 256M RAM+- Each VM has a total of 1 (1 cores and 1 threads) and 512M RAM 
 +- Emulated NIC: virtio-net
 - Switch mode: bridge + tap - Switch mode: bridge + tap
 - 1 LAN(s) between all VM - 1 LAN(s) between all VM
Line 68: Line 67:
 <code> <code>
 sysrc hostname=R1 \ sysrc hostname=R1 \
-  ifconfig_em0="inet 10.0.1.1/24"+  ifconfig_vtnet0="inet 10.0.1.1/24"
-  ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64" \ +  ifconfig_vnet0_ipv6="inet6 2001:db8:1::1 prefixlen 64" \ 
-  ifconfig_em3="inet 192.168.15.1/24"+  ifconfig_vtnet3="inet 192.168.15.1/24"
-  ifconfig_em3_ipv6="inet6 2001:db8:15::1 prefixlen 64" \+  ifconfig_vtnet3_ipv6="inet6 2001:db8:15::1 prefixlen 64" \
   defaultrouter=192.168.15.5 \   defaultrouter=192.168.15.5 \
   ipv6_defaultrouter=2001:db8:15::5   ipv6_defaultrouter=2001:db8:15::5
-ifconfig -l | grep -q vtnet && sed -i "" 's/em/vtnet/g' /etc/rc.conf+service hostname restart
 service netif restart service netif restart
 service routing restart service routing restart
Line 82: Line 81:
  
 <code> <code>
-sysrc hostname=R2 +sysrc hostname=R2 \ 
-  ifconfig_em4="inet 10.0.2.2/24"+  ifconfig_vtnet4="inet 10.0.2.2/24"
-  ifconfig_em4_ipv6="inet6 2001:db8:2::2 prefixlen 64" \ +  ifconfig_vtnet4_ipv6="inet6 2001:db8:2::2 prefixlen 64" \ 
-  ifconfig_em3="inet 192.168.25.2/24"+  ifconfig_vtnet3="inet 192.168.25.2/24"
-  ifconfig_em3_ipv6="inet6 2001:db8:25::2 prefixlen 64" \+  ifconfig_vtnet3_ipv6="inet6 2001:db8:25::2 prefixlen 64" \
   defaultrouter="192.168.25.5" \   defaultrouter="192.168.25.5" \
   ipv6_defaultrouter="2001:db8:25::5"   ipv6_defaultrouter="2001:db8:25::5"
-ifconfig -l | grep -q vtnet && sed -i "" 's/em/vtnet/g' /etc/rc.conf+service hostname restart
 service netif restart service netif restart
 service routing restart service routing restart
Line 98: Line 97:
  
 <code> <code>
-sysrc hostname=R3 +sysrc hostname=R3 \ 
-  ifconfig_em4="inet 10.0.2.3/24"+  ifconfig_vtnet4="inet 10.0.2.3/24"
-  ifconfig_em4_ipv6="inet6 2001:db8:2::3 prefixlen 64" \ +  ifconfig_vtnet4_ipv6="inet6 2001:db8:2::3 prefixlen 64" \ 
-  ifconfig_em3="inet 192.168.35.3/24"+  ifconfig_vtnet3="inet 192.168.35.3/24"
-  ifconfig_em3_ipv6="inet6 2001:db8:35::3 prefixlen 64" \+  ifconfig_vtnet3_ipv6="inet6 2001:db8:35::3 prefixlen 64" \
   defaultrouter="192.168.35.5" \   defaultrouter="192.168.35.5" \
   ipv6_defaultrouter="2001:db8:35::5"   ipv6_defaultrouter="2001:db8:35::5"
-ifconfig -l | grep -q vtnet && sed -i "" 's/em/vtnet/g' /etc/rc.conf+service hostname restart
 service netif restart service netif restart
 service routing restart service routing restart
Line 116: Line 115:
  
 <code> <code>
-sysrc hostname=R4 +sysrc hostname=R4 \ 
-  ifconfig_em4="inet 10.0.2.4/24"+  ifconfig_vtnet4="inet 10.0.2.4/24"
-  ifconfig_em4_ipv6="inet6 2001:db8:2::4 prefixlen 64" \ +  ifconfig_vtnet4_ipv6="inet6 2001:db8:2::4 prefixlen 64" \ 
-  ifconfig_em3="inet 192.168.45.4/24"+  ifconfig_vtnet3="inet 192.168.45.4/24"
-  ifconfig_em3_ipv6="inet6 2001:db8:45::4 prefixlen 64" \+  ifconfig_vtnet3_ipv6="inet6 2001:db8:45::4 prefixlen 64" \
   defaultrouter="192.168.45.5" \   defaultrouter="192.168.45.5" \
   ipv6_defaultrouter="2001:db8:45::5"   ipv6_defaultrouter="2001:db8:45::5"
-ifconfig -l | grep -q vtnet && sed -i "" 's/em/vtnet/g' /etc/rc.conf+service hostname restart
 service netif restart service netif restart
 service routing restart service routing restart
Line 134: Line 133:
  
 <code> <code>
-sysrc hostname=R5 +sysrc hostname=R5 \ 
-  ifconfig_em0="inet 192.168.15.5/24"+  ifconfig_vtnet0="inet 192.168.15.5/24"
-  ifconfig_em1="inet 192.168.25.5/24"+  ifconfig_vtnet1="inet 192.168.25.5/24"
-  ifconfig_em2="inet 192.168.35.5/24"+  ifconfig_vtnet2="inet 192.168.35.5/24"
-  ifconfig_em3="inet 192.168.45.5/24"+  ifconfig_vtnet3="inet 192.168.45.5/24"
-  ifconfig_em0_ipv6="inet6 2001:db8:15::5 prefixlen 64" \ +  ifconfig_vtnet0_ipv6="inet6 2001:db8:15::5 prefixlen 64" \ 
-  ifconfig_em1_ipv6="inet6 2001:db8:25::5 prefixlen 64" \ +  ifconfig_vtnet1_ipv6="inet6 2001:db8:25::5 prefixlen 64" \ 
-  ifconfig_em2_ipv6="inet6 2001:db8:35::5 prefixlen 64" \ +  ifconfig_vtnet2_ipv6="inet6 2001:db8:35::5 prefixlen 64" \ 
-  ifconfig_em3_ipv6="inet6 2001:db8:45::5 prefixlen 64" \+  ifconfig_vtnet3_ipv6="inet6 2001:db8:45::5 prefixlen 64" \
   firewall_enable=YES \   firewall_enable=YES \
   firewall_script="/etc/ipfw.rules"   firewall_script="/etc/ipfw.rules"
-ifconfig -l | grep -q vtnet && sed -i "" 's/em/vtnet/g' /etc/rc.conf 
 cat > /etc/ipfw.rules <<EOF cat > /etc/ipfw.rules <<EOF
 #!/bin/sh #!/bin/sh
Line 157: Line 155:
 \${fwcmd} pipe 53 config delay 50ms \${fwcmd} pipe 53 config delay 50ms
 \${fwcmd} pipe 35 config delay 50ms \${fwcmd} pipe 35 config delay 50ms
-\${fwcmd} add pipe 25 all from any to any in via em1 +\${fwcmd} add pipe 25 all from any to any in via vtnet1 
-\${fwcmd} add pipe 52 all from any to any out via em1 +\${fwcmd} add pipe 52 all from any to any out via vtnet1 
-\${fwcmd} add pipe 35 all from any to any in via em2 +\${fwcmd} add pipe 35 all from any to any in via vtnet2 
-\${fwcmd} add pipe 53 all from any to any out via em2+\${fwcmd} add pipe 53 all from any to any out via vtnet2
 #We don't want to block traffic, only shape some #We don't want to block traffic, only shape some
 \${fwcmd} add allow ip from any to any \${fwcmd} add allow ip from any to any
 EOF EOF
-ifconfig -l | grep -q vtnet && sed -i "" 's/em/vtnet/g' /etc/ipfw.rules+service hostname restart
 service netif restart service netif restart
 service routing restart service routing restart
 +service ipfw start
 config save config save
 </code> </code>
Line 184: Line 183:
 Initialize PKI and generate a DH: Initialize PKI and generate a DH:
 <code> <code>
 +cd /usr/local/etc/easy-rsa
 easyrsa init-pki easyrsa init-pki
 easyrsa gen-dh easyrsa gen-dh
Line 258: Line 258:
 Enable and start openvpn and sshd (we will get certificates files by SCP later): Enable and start openvpn and sshd (we will get certificates files by SCP later):
 <code> <code>
-sysrc sshd_enable=YES +service openvpn enable
-sysrc openvpn_enable=YES+
 service openvpn start service openvpn start
 +service sshd enable
 service sshd start service sshd start
 </code> </code>
Line 311: Line 311:
 Enable and start openvpn: Enable and start openvpn:
 <code> <code>
-sysrc openvpn_enable=YES+service openvpn enable
 service openvpn start service openvpn start
 </code> </code>
Line 357: Line 357:
 Enable and start openvpn: Enable and start openvpn:
 <code> <code>
-sysrc openvpn_enable=YES+service openvpn enable
 service openvpn start service openvpn start
 </code> </code>
Line 392: Line 392:
 </code> </code>
  
 +Check the latency of each servers (200ms, 100ms and less than 1 ms):
 +<code>
 +[root@R1]~# ping -c 2 192.168.25.2
 +PING 192.168.25.2 (192.168.25.2): 56 data bytes
 +64 bytes from 192.168.25.2: icmp_seq=0 ttl=63 time=192.628 ms
 +64 bytes from 192.168.25.2: icmp_seq=1 ttl=63 time=200.045 ms
 +
 +--- 192.168.25.2 ping statistics ---
 +2 packets transmitted, 2 packets received, 0.0% packet loss
 +round-trip min/avg/max/stddev = 192.628/196.336/200.045/3.708 ms
 +
 +[root@R1]~# ping -c 2 192.168.35.3
 +PING 192.168.35.3 (192.168.35.3): 56 data bytes
 +64 bytes from 192.168.35.3: icmp_seq=0 ttl=63 time=96.894 ms
 +64 bytes from 192.168.35.3: icmp_seq=1 ttl=63 time=100.052 ms
 +
 +--- 192.168.35.3 ping statistics ---
 +2 packets transmitted, 2 packets received, 0.0% packet loss
 +round-trip min/avg/max/stddev = 96.894/98.473/100.052/1.579 ms
 +
 +[root@R1]~# ping -c 2 192.168.45.4
 +PING 192.168.45.4 (192.168.45.4): 56 data bytes
 +64 bytes from 192.168.45.4: icmp_seq=0 ttl=63 time=0.241 ms
 +64 bytes from 192.168.45.4: icmp_seq=1 ttl=63 time=0.257 ms
 +
 +--- 192.168.45.4 ping statistics ---
 +2 packets transmitted, 2 packets received, 0.0% packet loss
 +round-trip min/avg/max/stddev = 0.241/0.249/0.257/0.008 ms
 +</code>
 Enable and start openvpn: Enable and start openvpn:
 <code> <code>
-sysrc openvpn_enable=YES+service openvpn enable
 service openvpn start service openvpn start
 </code> </code>
Line 498: Line 527:
 But the client no more connect to the first declared server but on R4 here (why?). But the client no more connect to the first declared server but on R4 here (why?).
  
 +Bug on last version:
 +<code>
 +[root@R1]/usr/local/etc/openvpn# openvpn openvpn.conf
 +Tue Oct  6 00:57:23 2020 OpenVPN 2.4.9 amd64-portbld-freebsd13.0 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct  5 2020
 +Tue Oct  6 00:57:23 2020 library versions: OpenSSL 1.1.1h-freebsd  22 Sep 2020, LZO 2.10
 +SHM 3
 +Invalid port number: -4600
 +Service was not recognized for socket type: No error: 0
 +Invalid port number: -4587
 +Service was not recognized for socket type: No error: 0
 +Invalid port number: 2793528
 +Service was not recognized for socket type: No error: 0
 +Invalid port number: 0
 +Invalid port number: 519602944
 +Service was not recognized for socket type: No error: 0
 +Invalid port number: 1701407843
 +Service was not recognized for socket type: No error: 0
 +Oct  6 00:57:23 router openvpn[78665]: stack overflow detected; terminated
 +Invalid port number: 0
 +Invalid port number: 1095649103
 +Service was not recognized for socket type: No error: 0
 +Oct  6 00:57:23 router openvpn[82522]: stack overflow detected; terminated
 +Invalid port number: 538968179
 +Service was not recognized for socket type: No error: 0
 +Invalid port number: 538968179
 +Service was not recognized for socket type: No error: 0
 +Invalid port number: 14983496
 +Service was not recognized for socket type: No error: 0
 +Invalid port number: 14790984
 +Service was not recognized for socket type: No error: 0
 +Invalid port number: 14790848
 +</code>
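Review bot: In the Router 1 block the new line `ifconfig_vnet0_ipv6="inet6 2001:db8:1::1 prefixlen 64" \` is spelled `vnet0` while every other renamed variable uses `vtnet`, so it would presumably leave vtnet0 without its IPv6 address; it should read `ifconfig_vtnet0_ipv6="inet6 2001:db8:1::1 prefixlen 64" \`. The removed `ifconfig -l | grep -q vtnet && sed ...` fallback used to adapt the names to the NIC actually present, so with `vtnet` now hard-coded the text should say that the steps assume the virtio-net NIC shown in the lab start-up output. Separately, the "Bug on last version" output added at the end shows `stack overflow detected; terminated` next to arbitrary-looking port numbers, which looks like the stack protector aborting on memory corruption in the patched client rather than a configuration error; one sentence saying so, and that this build should stay in the lab until the cause is found, would help readers interpret the log.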
documentation/examples/validating_openvpn_s_low-latency_servers_selection_patch.1601909316.txt.gz · Last modified: 2020/10/05 16:48 by olivier

Except where otherwise noted, content on this wiki is licensed under the following license: BSD 2-Clause