Wan Optimization Support

Technical => Deployment => Topic started by: smadon on July 30, 2017, 06:23:31 PM

Title: Setup in Lab between branch Office and HQ through a VPN
Post by: smadon on July 30, 2017, 06:23:31 PM
Hi,

First thank you to let us try your solution on lab.

I am doing a study on providing solution for NGO to improve their connectivities with WAN Optimizer.

On my Lab I have this situation.
(https://docs.google.com/document/d/1Q_i40NoL8AemC1-13Sr2wsjWF3SiFsGP5-rp7_Jyue4/edit?usp=sharing)
https://docs.google.com/document/d/1Q_i40NoL8AemC1-13Sr2wsjWF3SiFsGP5-rp7_Jyue4/edit?usp=sharing
Branch PC - WANOSBranch - RouterBranch - Internet - RouterHQ - ServerHQ

a VPN IPSec is setup between both router, but the WanosBranch is not optimization the traffic.
I can from both site, accessing the Wanos server.
wanos can access Internet, and I can see the traffic on the thorough put but with no optimisation.

I read about the option 76, but i don't see this option on the vpn setup for the router (Zyxel)

How the wanos Branch can see the WanosHQ? I suppose I need to give the path? where should I configure it ?

thankds for your help

I am using version 4.
Both wanos are on esxi 6.5

Regards
Smadon
Title: Re: Setup in Lab between branch Office and HQ through a VPN
Post by: smadon on July 31, 2017, 07:16:32 AM
To add some Info:

I check if the network Interface are ok, and it's fine. See picture.

I even try to switch the interface on both wanos, but without success.
Title: Re: Setup in Lab between branch Office and HQ through a VPN
Post by: smadon on July 31, 2017, 12:33:56 PM
Furthermore.

I tried to change the encapsulation to UDP, and it still the same, no optimization.

For help, I attached the TCPDump (image attached)
Title: Re: Setup in Lab between branch Office and HQ through a VPN
Post by: smadon on July 31, 2017, 12:39:15 PM
Don't know if it help,

but in the loggging page :

I have always this message:
Code: [Select]
[Mon Jul 31 14:36:09 2017] : Debug : wdpi received packet without a valid session id
[Mon Jul 31 14:36:09 2017] : Debug : wdpi received packet without a valid session id
[Mon Jul 31 14:36:09 2017] : Debug : wdpi received packet without a valid session id
[Mon Jul 31 14:36:09 2017] : Debug : wdpi received packet without a valid session id
[Mon Jul 31 14:36:20 2017] : Debug : wdpi received packet without a valid session id
[Mon Jul 31 14:36:20 2017] : Debug : wdpi received packet without a valid session id
Title: Re: Setup in Lab between branch Office and HQ through a VPN
Post by: ahenning on July 31, 2017, 01:20:17 PM
Hi smadon,

If the firewall cannot be configured to not strip TCP options, then I recommend to configure tunnel mode and not bridge mode.
Title: Re: Setup in Lab between branch Office and HQ through a VPN
Post by: ahenning on July 31, 2017, 01:21:54 PM
Lastly tcpdump shows https traffic, so not expecting to see options there.
Title: Re: Setup in Lab between branch Office and HQ through a VPN
Post by: smadon on August 01, 2017, 08:33:46 AM
hi,

I am getting more confused :-(
I took out the both router and plug both server on the same switch. (network map attached)
and I still don't see any optimize traffic.

I attached as well the TCP Dump for both server.

is the Option 76 still not going through the LAN ?

Thanks for your help.
Title: Re: Setup in Lab between branch Office and HQ through a VPN
Post by: ahenning on August 01, 2017, 09:07:22 AM
Good idea to make a simple setup first.

There are no TCP option 76 tags in the TCPdump and therefore optimization is not going to work until that has been resolved:
1) Check that lan0 connects to the LAN side. In other words lan0 connects to the server on the HQ side. lan0 on the branch side connects to the workstation. Both wan0 connects to the network in between them, normally the routers/firewalls. Use the MAC address to determine that it is correct.
2) If running v.4.1.3, make sure the status says licensed and not "Unlicensed - Bypass". If bypass, send the tokens to support at wanos
3) Check the traffic policies to ensure that traffic is not bypassed with a bypass rule.

Think about it, after installing the images, all that is needed is to connect the wan0 interfaces together and start generating non-bypassed TCP traffic. If running >=4.1.3, then load a key as well.
Title: Re: Setup in Lab between branch Office and HQ through a VPN
Post by: smadon on August 01, 2017, 09:28:27 AM
AHHHH !!
the second point is the issue.
I am still having "Unlicenced - Bypass", I will send another request fror the token to the support right now.
Do you know how long it will take then? I send 2 request (one for HQ and Branch Office) but still waiting the answer.

I will keep you inform if the licence solve my issue.

Regards
Title: Re: Setup in Lab between branch Office and HQ through a VPN
Post by: ahenning on August 01, 2017, 09:47:47 AM
Usually within a couple hours. Please send an email to support at wanos from. Sometimes trial keys are registered from an email address, that does not exist

Edit: postmaster undeliverable to hes-co.ch
Title: Re: Setup in Lab between branch Office and HQ through a VPN
Post by: smadon on August 01, 2017, 10:02:17 AM
it work much better now with the licence.  :-)

I will do the  test again with the VPN, and see if it work as well.
Thanks for the support.

Title: Re: Setup in Lab between branch Office and HQ through a VPN
Post by: smadon on August 01, 2017, 04:45:01 PM
Hello,

Work fine now over the IPSec Tunnel. So my issue was link with the licence.

Thanks for your help. :-)
Title: Re: Setup in Lab between branch Office and HQ through a VPN
Post by: llcentinelall on January 05, 2018, 03:35:38 PM
Hello,

Work fine now over the IPSec Tunnel. So my issue was link with the licence.

Thanks for your help. :-)

Hello,

I want to know if WANOS has been excellent under your IPsec VPN to date.

You tell me

Thank you
Title: Re: Setup in Lab between branch Office and HQ through a VPN
Post by: smadon on January 08, 2018, 09:32:28 AM
Hi,

I don't know what you mean by excellent, but I can tell you that  it was working.
It did the Job :-)
Title: Re: Setup in Lab between branch Office and HQ through a VPN
Post by: leezy on December 03, 2019, 11:04:53 AM
i think wan optimization happens only if the traffic transfer are untouch... has anyone here tested with Zerto replication? any improvement if still install WANOS between the sites?

any statistical data shows for WANOS over actual production environment?
Title: Re: Setup in Lab between branch Office and HQ through a VPN
Post by: ahenning on December 03, 2019, 11:21:15 AM
Yes, WAN Optimization works well on Zerto replication. It still depends on the data that is being replicated and zerto builtin encryption/compression disabled.