Wan Optimization Support

Technical => Configuration => : q8reflex July 05, 2017, 01:30:49 PM

: [v.4 MultiSite] Where to add peers?
: q8reflex July 05, 2017, 01:30:49 PM
Went through all the documentation like twice at least, can't seem to find the correct way to link two Wanos's in bridge mode, one barebone hardware at home and the other one in a KVM instance at a data center.

Any idea?

Edit: Add v.4 to subject
: Re: Where do you add a peer in point-to-point setup?
: q8reflex July 06, 2017, 10:27:05 AM
Ok, any idea why Multisite won't show in Configure menu? That's at the KVM instance at the data center side. We did launch the instance according to minimum hardware requirements, is there any setting in shell we can alter to get the Multisite option in menu? If Multisite is not an option, how do we set up point-to-point?
: Re: [v.4 MultiSite] Where to add peers?
: ahenning July 06, 2017, 11:01:23 AM
Multisite is not an option in v.4, it is always on by default and auto detected and auto configured.

If both sides are in bridge mode, with default settings, lan0 and wan0 are mapped correctly so that the wan0 points to each other then once TCP traffic starts to flow in both ways the peers will detect each other automatically.

The minimum requirement for bridge mode peering:
Default settings (e.g. Bridge mode both sides)
lan0 and wan0 cabled correctly in-path
1x TCP session (not bypassed e.g. HTTPS)
Firewall should not strip TCP Option 76

Optional, but most highly recommended:
IP Address
: Re: [v.4 MultiSite] Where to add peers?
: q8reflex July 06, 2017, 11:21:02 AM
Thanks Antonie,

I'm confused now, where in control panel do you link the two? What about security in this case, do we have some sort of authentication method or encryption to prevent man-in-the-middle risk?
: Re: [v.4 MultiSite] Where to add peers?
: ahenning July 06, 2017, 11:37:38 AM
The way to link via bridge mode:
1) Deploy appliance with default settings, set IP address
2) Connect Wanos-A wan0 to Wanos-B wan0
3) Send TCP traffic from LAN A to LAN B
4) Check peer status.

To force peers, configure tunnel mode.

Wanos should be compatible with your current man-in-the-middle defense. Normally IPSec on the router or firewall as long as wan0 connects to this device and not lan0 (bridge mode).
: Re: [v.4 MultiSite] Where to add peers?
: JohnNicholas July 06, 2017, 11:59:26 AM
Worth pointing out that if peers can't be detected on default settings and just IP changes, then there is something wrong with the way the traffic flows or a firewall is stripping TCP options. In this case forcing peering will lead to another issue, traffic will be passed through. Take a look at the Peer Down (http://wanos.co/docs/docs/wanos-admin-guide/troubleshooting/peer-down/) doc, it has some tips on what normally leads to the peers not showing up or showing down.
: Re: [v.4 MultiSite] Where to add peers?
: q8reflex July 06, 2017, 06:08:15 PM
Ok, at the data center WANos KVM instance once we enabled "Tunnel Mode" things went out of control......getting looping scripts in console with the following errors:-

SIOCADDRT: Network is unreachable
Routine: removing default gateway
Routine: (lots of other messages)

Btw, we upgraded to v4.1 with no compatible license.


: Re: [v.4 MultiSite] Where to add peers?
: ahenning July 06, 2017, 08:46:36 PM
sudo sed -i 's/tunnel/bridge/' /etc/wanos/wanos.conf


Then configure the tunnel policy (subnet and peer ip) before enabling tunnel mode.

Taking a look at that error now.

Yes, v3 license is not compatible, click the get trial button after running the sed command.
: Re: [v.4 MultiSite] Where to add peers?
: q8reflex July 06, 2017, 09:17:37 PM
I used the 4.0.3 license you gave me in last email. Attached an image showing the errors I'm seeing. As for the sed command, I can use NANO in console, do you want me to replace "tunnel" with "bridge" in wanos.conf?
: Re: [v.4 MultiSite] Where to add peers?
: ahenning July 06, 2017, 09:25:56 PM
Yes, change to bridge and add tunnel config, or update to 4.1.1 that avoids this (tunnel mode without tunnel config).

4.0.3 beta and v.3 keys don't work with 4.1.
: Re: [v.4 MultiSite] Where to add peers?
: q8reflex July 07, 2017, 12:20:43 AM
I tried to do

wget http://wanos.co/updateinfo/update-4.1.1.sh

But file doesn't exist yet.
: Re: [v.4 MultiSite] Where to add peers?
: q8reflex July 07, 2017, 11:06:09 AM
2) Connect Wanos-A wan0 to Wanos-B wan0

Ok, 4.1.1 has changed a lot of things in the control panel. How do you link the two devices together now? Do you have to add them in routes or tunnel policies?
: Re: [v.4 MultiSite] Where to add peers?
: JohnNicholas July 07, 2017, 08:36:39 PM
As far as I know there are no UI changes from v.4 to v.4.1.1

BTW Why don't you use the Production images?
: Re: [v.4 MultiSite] Where to add peers?
: q8reflex July 07, 2017, 08:45:53 PM
Production you mean v3.x? We are only focusing on 4.x because the tunnel will serve the whole traffic (optimized and non-optimized) which is a feature we need. Besides, our 4.x testing served this project already. :)
: Re: [v.4 MultiSite] Where to add peers?
: JohnNicholas July 07, 2017, 08:49:46 PM
FEC, TCP Acceleration, PLR sounds like what you need so v.4 is probably the way to go
: Re: [v.4 MultiSite] Where to add peers?
: q8reflex July 07, 2017, 08:55:26 PM
The funny thing is..........

We still can't figure out how the two things communicate?!!

- There is no secure handshaking!
- There is no (challenge/cipher/authentication) method described anywhere!
- There is no configuration anywhere!
- There is no documentation explaining this vital part!

Please, somebody explain this.......4 days living in this website so far and still nothing. :(
: Re: [v.4 MultiSite] Where to add peers?
: ahenning July 07, 2017, 09:26:32 PM
q8reflex 8) v.3 is Prod and documented, Use Production if documentation is needed. v.4 beta is in the process of going to prod. v.4.1 is hours old and you'll notice that only v.4.0.3 is mentioned in the download section. Documentation is updated daily as we change and add info relevant to v.4

I don't agree that there is no configuration anywhere and suspect this stems from over-complicating things. You don't need to configure, it is much simpler than you think. That is the point.

Further it seems there is a misunderstanding that Wanos is a Home user Internet Accelerator. I'll agree that it can be applied in that way and perhaps we should focus more on it, but it is a business product first and we tailor it to that market.

I am puzzled that man in the middle attacks are of concern since the objective is to accelerate Internet traffic. How is the public Internet more secure than inside our protocols?

For secure internal communication over the public internet use Wanos IPsec encapsulation for tunnel mode.

Release Notes: Release Notes / Changelog (http://wanos.co/docs/docs/knowledgebase/changelog/)

Hand-Shake:

Debug : rsp_peer1 state set to SYN_SENT
Debug : handler1 Peer Alive
Debug : rsp_peer1 state set to OPEN