documentation:examples:validating_openvpn_s_low-latency_servers_selection_patch
Differences
This shows you the differences between two versions of the page.
Previous revision: documentation:examples:validating_openvpn_s_low-latency_servers_selection_patch [2020/10/05 19:33] – [R2: First OpenVPN server and cert generator] olivier
Current revision: documentation:examples:validating_openvpn_s_low-latency_servers_selection_patch [2020/10/06 00:58] (current) – [Testing new remote-best-latency option] olivier
Line 17: | Line 17: | ||
< | < | ||
root@lab:~ # / | root@lab:~ # / | ||
- | vmm module not loaded. Loading it... | ||
- | if_tap module not loaded. Loading it... | ||
BSD Router Project (http:// | BSD Router Project (http:// | ||
Setting-up a virtual lab with 5 VM(s): | Setting-up a virtual lab with 5 VM(s): | ||
- | - Working directory: /tmp/BSDRP | + | - Working directory: /root/BSDRP-VMs |
- | - Each VM have 1 core(s) and 256M RAM | + | - Each VM has a total of 1 (1 cores and 1 threads) and 512M RAM |
+ | - Emulated NIC: virtio-net | ||
- Switch mode: bridge + tap | - Switch mode: bridge + tap | ||
- 1 LAN(s) between all VM | - 1 LAN(s) between all VM | ||
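Review bot: the lab definition now pins the emulated NIC to virtio-net (the added `- Emulated NIC: virtio-net` line) and raises each VM to 512M RAM, and every configuration hunk below depends on that choice: interface names become vtnetN and the `ifconfig -l | grep -q vtnet && sed` rename workaround is dropped. State that assumption once next to this output, since the blocks that follow no longer adapt themselves to an emX-based lab.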
Line 68: | Line 67: | ||
< | < | ||
sysrc hostname=R1 \ | sysrc hostname=R1 \ | ||
- | | + | |
- | | + | |
- | | + | |
- | | + | |
defaultrouter=192.168.15.5 \ | defaultrouter=192.168.15.5 \ | ||
ipv6_defaultrouter=2001: | ipv6_defaultrouter=2001: | ||
- | ifconfig -l | grep -q vtnet && sed -i "" | + | service hostname restart |
service netif restart | service netif restart | ||
service routing restart | service routing restart | ||
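Review bot: with the `ifconfig -l | grep -q vtnet && sed "" ...` line removed, the `sysrc` interface assignments in this block (the changed lines whose text did not survive this rendering) must now name the vtnet interfaces directly, as nothing else renames them; please confirm they do. The replacement `service hostname restart` is the right call: `sysrc hostname=R1` only edits rc.conf, and the hostname rc script is what applies the new name without a reboot. The same substitution is repeated for R2 to R5 below.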
Line 82: | Line 81: | ||
< | < | ||
- | sysrc hostname=R2 | + | sysrc hostname=R2 |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
defaultrouter=" | defaultrouter=" | ||
ipv6_defaultrouter=" | ipv6_defaultrouter=" | ||
- | ifconfig -l | grep -q vtnet && sed -i "" | + | service hostname restart |
service netif restart | service netif restart | ||
service routing restart | service routing restart | ||
Line 98: | Line 97: | ||
< | < | ||
- | sysrc hostname=R3 | + | sysrc hostname=R3 |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
defaultrouter=" | defaultrouter=" | ||
ipv6_defaultrouter=" | ipv6_defaultrouter=" | ||
- | ifconfig -l | grep -q vtnet && sed -i "" | + | service hostname restart |
service netif restart | service netif restart | ||
service routing restart | service routing restart | ||
Line 116: | Line 115: | ||
< | < | ||
- | sysrc hostname=R4 | + | sysrc hostname=R4 |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
defaultrouter=" | defaultrouter=" | ||
ipv6_defaultrouter=" | ipv6_defaultrouter=" | ||
- | ifconfig -l | grep -q vtnet && sed -i "" | + | service hostname restart |
service netif restart | service netif restart | ||
service routing restart | service routing restart | ||
Line 134: | Line 133: | ||
< | < | ||
- | sysrc hostname=R5 | + | sysrc hostname=R5 |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
firewall_enable=YES \ | firewall_enable=YES \ | ||
firewall_script="/ | firewall_script="/ | ||
- | ifconfig -l | grep -q vtnet && sed -i "" | ||
cat > / | cat > / | ||
#!/bin/sh | #!/bin/sh | ||
Line 157: | Line 155: | ||
\${fwcmd} pipe 53 config delay 50ms | \${fwcmd} pipe 53 config delay 50ms | ||
\${fwcmd} pipe 35 config delay 50ms | \${fwcmd} pipe 35 config delay 50ms | ||
- | \${fwcmd} add pipe 25 all from any to any in via em1 | + | \${fwcmd} add pipe 25 all from any to any in via vtnet1 |
- | \${fwcmd} add pipe 52 all from any to any out via em1 | + | \${fwcmd} add pipe 52 all from any to any out via vtnet1 |
- | \${fwcmd} add pipe 35 all from any to any in via em2 | + | \${fwcmd} add pipe 35 all from any to any in via vtnet2 |
- | \${fwcmd} add pipe 53 all from any to any out via em2 | + | \${fwcmd} add pipe 53 all from any to any out via vtnet2 |
#We don't want to block traffic, only shape some | #We don't want to block traffic, only shape some | ||
\${fwcmd} add allow ip from any to any | \${fwcmd} add allow ip from any to any | ||
EOF | EOF | ||
- | ifconfig -l | grep -q vtnet && sed -i "" | + | service hostname restart |
service netif restart | service netif restart | ||
service routing restart | service routing restart | ||
+ | service ipfw start | ||
config save | config save | ||
</ | </ | ||
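Review bot: the ipfw rules switch from `via em1`/`via em2` to `via vtnet1`/`via vtnet2`, but the script never says which neighbour sits behind each interface; add the interface-to-router mapping (which pipe pair delays which link) so a reader can relate the two 50ms pipes on vtnet2 (`pipe 35` in, `pipe 53` out) to a ~100ms round trip on that path. The added `service ipfw start` is needed because `firewall_enable=YES` alone does not load the ruleset until reboot, and placing it before `config save` is fine. Since the last rule is `allow ip from any to any`, R5 is a pure delay box that filters nothing, which suits the lab but is worth stating explicitly next to the comment.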
Line 184: | Line 183: | ||
Initialize PKI and generate a DH: | Initialize PKI and generate a DH: | ||
< | < | ||
+ | cd / | ||
easyrsa init-pki | easyrsa init-pki | ||
easyrsa gen-dh | easyrsa gen-dh | ||
Line 258: | Line 258: | ||
Enable and start openvpn and sshd (we will get certificates files by SCP later): | Enable and start openvpn and sshd (we will get certificates files by SCP later): | ||
< | < | ||
- | sysrc sshd_enable=YES \ | + | service openvpn enable |
- | openvpn_enable=YES | + | |
service openvpn start | service openvpn start | ||
+ | service sshd enable | ||
service sshd start | service sshd start | ||
</ | </ | ||
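Review bot: `service openvpn enable` and `service sshd enable` replace the single `sysrc sshd_enable=YES openvpn_enable=YES`; the `enable` subcommand of service(8) is an rc.subr feature of recent FreeBSD (this page's OpenVPN reports `amd64-portbld-freebsd13.0`), so mention that readers on an older base still need the sysrc form. Both spellings end up as `*_enable=YES` in rc.conf, so behaviour is unchanged; the same swap recurs in the three openvpn hunks below.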
Line 311: | Line 311: | ||
Enable and start openvpn: | Enable and start openvpn: | ||
< | < | ||
- | sysrc openvpn_enable=YES | + | service openvpn enable |
service openvpn start | service openvpn start | ||
</ | </ | ||
Line 357: | Line 357: | ||
Enable and start openvpn: | Enable and start openvpn: | ||
< | < | ||
- | sysrc openvpn_enable=YES | + | service openvpn enable |
service openvpn start | service openvpn start | ||
</ | </ | ||
Line 392: | Line 392: | ||
</ | </ | ||
+ | Check the latency of each servers (200ms, 100ms and less than 1 ms): | ||
+ | < | ||
+ | [root@R1]~# ping -c 2 192.168.25.2 | ||
+ | PING 192.168.25.2 (192.168.25.2): | ||
+ | 64 bytes from 192.168.25.2: | ||
+ | 64 bytes from 192.168.25.2: | ||
+ | |||
+ | --- 192.168.25.2 ping statistics --- | ||
+ | 2 packets transmitted, | ||
+ | round-trip min/ | ||
+ | |||
+ | [root@R1]~# ping -c 2 192.168.35.3 | ||
+ | PING 192.168.35.3 (192.168.35.3): | ||
+ | 64 bytes from 192.168.35.3: | ||
+ | 64 bytes from 192.168.35.3: | ||
+ | |||
+ | --- 192.168.35.3 ping statistics --- | ||
+ | 2 packets transmitted, | ||
+ | round-trip min/ | ||
+ | |||
+ | [root@R1]~# ping -c 2 192.168.45.4 | ||
+ | PING 192.168.45.4 (192.168.45.4): | ||
+ | 64 bytes from 192.168.45.4: | ||
+ | 64 bytes from 192.168.45.4: | ||
+ | |||
+ | --- 192.168.45.4 ping statistics --- | ||
+ | 2 packets transmitted, | ||
+ | round-trip min/ | ||
+ | </ | ||
Enable and start openvpn: | Enable and start openvpn: | ||
< | < | ||
- | sysrc openvpn_enable=YES | + | service openvpn enable |
service openvpn start | service openvpn start | ||
</ | </ | ||
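Review bot: the three ping checks (192.168.25.2, 192.168.35.3 and 192.168.45.4 at 200ms, 100ms and under 1ms) are a useful pre-flight step, but the `2 packets transmitted` and `round-trip min/...` lines are cut off here, so the reader cannot verify the stated figures from the shown output; keep the full statistics lines. These numbers also make R4 (192.168.45.4) the lowest-latency server, which is exactly what a remote-best-latency selection should choose, so the later "connects to R4 (why?)" remark reads as the expected outcome rather than an anomaly and could be reworded that way.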
Line 498: | Line 527: | ||
But the client no more connect to the first declared server but on R4 here (why?). | But the client no more connect to the first declared server but on R4 here (why?). | ||
+ | Bug on last version: | ||
+ | < | ||
+ | [root@R1]/ | ||
+ | Tue Oct 6 00:57:23 2020 OpenVPN 2.4.9 amd64-portbld-freebsd13.0 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 5 2020 | ||
+ | Tue Oct 6 00:57:23 2020 library versions: OpenSSL 1.1.1h-freebsd | ||
+ | SHM 3 | ||
+ | Invalid port number: -4600 | ||
+ | Service was not recognized for socket type: No error: 0 | ||
+ | Invalid port number: -4587 | ||
+ | Service was not recognized for socket type: No error: 0 | ||
+ | Invalid port number: 2793528 | ||
+ | Service was not recognized for socket type: No error: 0 | ||
+ | Invalid port number: 0 | ||
+ | Invalid port number: 519602944 | ||
+ | Service was not recognized for socket type: No error: 0 | ||
+ | Invalid port number: 1701407843 | ||
+ | Service was not recognized for socket type: No error: 0 | ||
+ | Oct 6 00:57:23 router openvpn[78665]: | ||
+ | Invalid port number: 0 | ||
+ | Invalid port number: 1095649103 | ||
+ | Service was not recognized for socket type: No error: 0 | ||
+ | Oct 6 00:57:23 router openvpn[82522]: | ||
+ | Invalid port number: 538968179 | ||
+ | Service was not recognized for socket type: No error: 0 | ||
+ | Invalid port number: 538968179 | ||
+ | Service was not recognized for socket type: No error: 0 | ||
+ | Invalid port number: 14983496 | ||
+ | Service was not recognized for socket type: No error: 0 | ||
+ | Invalid port number: 14790984 | ||
+ | Service was not recognized for socket type: No error: 0 | ||
+ | Invalid port number: 14790848 | ||
+ | </ |
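Review bot: the `Invalid port number` values in this log (-4600, -4587, 2793528, 519602944, 1701407843, 538968179, ...) are negative or far above 65535 and change from run to run, which points to the patched remote-list handling reading a port from memory it never set or from the wrong field rather than to a configuration mistake; the paired `Service was not recognized for socket type` lines are consistent with that bogus value then being used to resolve the remote. Before concluding the option itself is at fault, rebuild the patched OpenVPN with debugging or sanitizer instrumentation (or step through the remote parsing under a debugger), and record the exact patch revision tested next to this output, since the heading "Bug on last version" does not identify which version produced it.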
documentation/examples/validating_openvpn_s_low-latency_servers_selection_patch.1601919202.txt.gz · Last modified: 2020/10/05 19:33 by olivier