Author Topic: [v.4 MultiSite] Where to add peers?  (Read 12136 times)

q8reflex

  • Full Member
  • *****
  • Posts: 26
    • View Profile
[v.4 MultiSite] Where to add peers?
« on: July 05, 2017, 01:30:49 PM »
Went through all the documentation like twice at least, can't seem to find the correct way to link two Wanos's in bridge mode, one barebone hardware at home and the other one in a KVM instance at a data center.

Any idea?

Edit: Add v.4 to subject
« Last Edit: July 06, 2017, 11:02:36 AM by ahenning »

q8reflex

  • Full Member
  • *****
  • Posts: 26
    • View Profile
Re: Where do you add a peer in point-to-point setup?
« Reply #1 on: July 06, 2017, 10:27:05 AM »
Ok, any idea why Multisite won't show in the Configure menu? That's at the KVM instance at the data center side. We did launch the instance according to minimum hardware requirements; is there any setting in shell we can alter to get the Multisite option in the menu? If Multisite is not an option, how do we set up point-to-point?

ahenning

  • Team Wanos
  • Administrator
  • Full Member
  • *****
  • Posts: 629
    • View Profile
Re: [v.4 MultiSite] Where to add peers?
« Reply #2 on: July 06, 2017, 11:01:23 AM »
Multisite is not an option in v.4, it is always on by default and auto detected and auto configured.

If both sides are in bridge mode, with default settings, lan0 and wan0 are mapped correctly so that the wan0 points to each other, then once TCP traffic starts to flow in both ways the peers will detect each other automatically.

The minimum requirement for bridge mode peering:
Default settings (e.g. Bridge mode both sides)
lan0 and wan0 cabled correctly in-path
1x TCP session (not bypassed e.g. HTTPS)
Firewall should not strip TCP Option 76

Optional, but most highly recommended:
IP Address
CCIE RS, CCIE SP, Mnet&sys

Note: Forum posts may be outdated. Please see the latest documentation at wanos.co/docs

q8reflex

  • Full Member
  • *****
  • Posts: 26
    • View Profile
Re: [v.4 MultiSite] Where to add peers?
« Reply #3 on: July 06, 2017, 11:21:02 AM »
Thanks Antonie,

I'm confused now. Where in the control panel do you link the two? What about security in this case, do we have some sort of authentication method or encryption to prevent man-in-the-middle risk?

ahenning

  • Team Wanos
  • Administrator
  • Full Member
  • *****
  • Posts: 629
    • View Profile
Re: [v.4 MultiSite] Where to add peers?
« Reply #4 on: July 06, 2017, 11:37:38 AM »
The way to link via bridge mode:
1) Deploy appliance with default settings, set IP address
2) Connect Wanos-A wan0 to Wanos-B wan0
3) Send TCP traffic from LAN A to LAN B
4) Check peer status.

To force peers, configure tunnel mode.

Wanos should be compatible with your current man-in-the-middle defense. Normally IPSec on the router or firewall as long as wan0 connects to this device and not lan0 (bridge mode).
CCIE RS, CCIE SP, Mnet&sys


JohnNicholas

  • Team Wanos
  • Contributor
  • Full Member
  • ****
  • Posts: 26
    • View Profile
Re: [v.4 MultiSite] Where to add peers?
« Reply #5 on: July 06, 2017, 11:59:26 AM »
Worth pointing out that if peers can't be detected on default settings and just IP changes, then there is something wrong with the way the traffic flows or a firewall is stripping TCP options. In this case forcing peering will lead to another issue, traffic will be passed through. Take a look at the Peer Down doc, it has some tips on what normally leads to the peers not showing up or showing down.
CCNA
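
Added example, not part of the original thread and not Wanos code: Replies #2 and #5 both name a firewall stripping TCP options as a cause of peers not detecting each other, so this sketch parses the options of a SYN captured on each side of the firewall and reports whether option 76 was lost in transit. The sample headers, the option payload bytes and all function names are constructed for illustration; it assumes you can export the raw TCP header bytes from a packet capture.

```python
import struct

WANOS_OPTION_KIND = 76  # option number named in Reply #2


def build_syn(options: bytes) -> bytes:
    """Constructed sample: a bare TCP SYN header carrying the given options."""
    options += b"\x01" * (-len(options) % 4)  # pad with NOPs to a 32-bit boundary
    offset_flags = (((20 + len(options)) // 4) << 12) | 0x002  # data offset + SYN
    return struct.pack("!HHIIHHHH", 40000, 80, 1, 0, offset_flags, 65535, 0, 0) + options


def tcp_options(header: bytes) -> list[tuple[int, bytes]]:
    """Return (kind, data) pairs from a raw TCP header; ValueError if malformed."""
    if len(header) < 20:
        raise ValueError("shorter than a TCP header")
    hdr_len = (header[12] >> 4) * 4  # data offset is counted in 32-bit words
    if hdr_len < 20 or hdr_len > len(header):
        raise ValueError("bad data offset")
    opts, i, out = header[20:hdr_len], 0, []
    while i < len(opts):
        kind = opts[i]
        if kind == 0:  # End of Option List
            break
        if kind == 1:  # NOP: single byte, no length field
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("truncated or invalid option length")
        length = opts[i + 1]
        out.append((kind, opts[i + 2:i + length]))
        i += length
    return out


def option_stripped(sent: bytes, received: bytes, kind: int = WANOS_OPTION_KIND) -> bool:
    """True if `kind` is in the SYN before the firewall but absent after it."""
    before = {k for k, _ in tcp_options(sent)}
    after = {k for k, _ in tcp_options(received)}
    return kind in before and kind not in after


# Constructed samples: payload bytes of option 76 are placeholders, not Wanos data.
MSS = b"\x02\x04\x05\xb4"
SENT = build_syn(MSS + bytes([WANOS_OPTION_KIND, 4, 0xAA, 0xBB]))
STRIPPED = build_syn(MSS + b"\x01" * 4)  # option overwritten with NOP padding

if __name__ == "__main__":
    print("option 76 stripped:", option_stripped(SENT, STRIPPED))
```
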

q8reflex

  • Full Member
  • *****
  • Posts: 26
    • View Profile
Re: [v.4 MultiSite] Where to add peers?
« Reply #6 on: July 06, 2017, 06:08:15 PM »
Ok, at the data center WANos KVM instance once we enabled "Tunnel Mode" things went out of control... getting looping scripts in console with the following errors:

SICOADDRT: Network is unreachable
Routine: removing default gateway
Routine: (lots of other messages)

Btw, we upgraded to v4.1 with no compatible license.



ahenning

  • Team Wanos
  • Administrator
  • Full Member
  • *****
  • Posts: 629
    • View Profile
Re: [v.4 MultiSite] Where to add peers?
« Reply #7 on: July 06, 2017, 08:46:36 PM »
sudo sed -i 's/tunnel/bridge/' /etc/wanos/wanos.conf


Then configure the tunnel policy (subnet and peer ip) before enabling tunnel mode.

Taking a look at that error now.

Yes, v3 license is not compatible, click the get trial button after running the sed command.
CCIE RS, CCIE SP, Mnet&sys


q8reflex

  • Full Member
  • *****
  • Posts: 26
    • View Profile
Re: [v.4 MultiSite] Where to add peers?
« Reply #8 on: July 06, 2017, 09:17:37 PM »
I used the 4.0.3 license you gave me in last email. Attached an image showing the errors I'm seeing. As for the sed command, I can use NANO in console, do you want me to replace "tunnel" with "bridge" in wanos.conf?

ahenning

  • Team Wanos
  • Administrator
  • Full Member
  • *****
  • Posts: 629
    • View Profile
Re: [v.4 MultiSite] Where to add peers?
« Reply #9 on: July 06, 2017, 09:25:56 PM »
Yes, change to bridge and add tunnel config or update to 4.1.1 that avoids this (tunnel mode without tunnel config).

4.0.3 beta and v.3 keys don't work with 4.1.
CCIE RS, CCIE SP, Mnet&sys


q8reflex

  • Full Member
  • *****
  • Posts: 26
    • View Profile
Re: [v.4 MultiSite] Where to add peers?
« Reply #10 on: July 07, 2017, 12:20:43 AM »
I tried to do

wget http://wanos.co/updateinfo/update-4.1.1.sh

But file doesn't exist yet.

q8reflex

  • Full Member
  • *****
  • Posts: 26
    • View Profile
Re: [v.4 MultiSite] Where to add peers?
« Reply #11 on: July 07, 2017, 11:06:09 AM »
2) Connect Wanos-A wan0 to Wanos-B wan0

Ok, 4.1.1 has changed a lot of things in the control panel. How do you link the two devices together now? Do you have to add them in routes or tunnel policies?

JohnNicholas

  • Team Wanos
  • Contributor
  • Full Member
  • ****
  • Posts: 26
    • View Profile
Re: [v.4 MultiSite] Where to add peers?
« Reply #12 on: July 07, 2017, 08:36:39 PM »
As far as I know there are no UI changes from v.4 to v.4.1.1.

BTW, why don't you use the Production images?
CCNA

q8reflex

  • Full Member
  • *****
  • Posts: 26
    • View Profile
Re: [v.4 MultiSite] Where to add peers?
« Reply #13 on: July 07, 2017, 08:45:53 PM »
Production, you mean v3.x? We're only focusing on 4.x because the tunnel will serve the whole traffic (optimized and non-optimized) which is a feature we need. Besides, our 4.x testing served this project already. :)

JohnNicholas

  • Team Wanos
  • Contributor
  • Full Member
  • ****
  • Posts: 26
    • View Profile
Re: [v.4 MultiSite] Where to add peers?
« Reply #14 on: July 07, 2017, 08:49:46 PM »
FEC, TCP Acceleration, PLR sounds like what you need, so v.4 is probably the way to go.
CCNA