A few questions …


This topic contains 3 replies, has 0 voices, and was last updated by  tucker 11 years, 8 months ago.

  • #40764

    tucker
    Member

    I have been playing around with ZS for a few days and I am very impressed. The bonded VPN attracted me to ZS. I had previously implemented a bonded VPN system using Linux and a combination of IPIP tunnels, teql driver, traffic shaping and some scripts to add/remove slave devices as the IP tunnel links went up or down. ZS and the VPN implementation are very interesting.

    The current inability to assign a VPN tunnel to a specific WAN interface is limiting the effectiveness of VPN balancing. I can see how the NetBalancer module will address this and the ability to select a gateway interface based upon destination UDP/TCP port will work very well. I have tried this by hacking the iptables on command line and it works well. By selecting gateway by remote IP or port the system works well. When this is added to the web interface it will be a very interesting product.

    The questions I have are …

    1. Is there any suggestion on when NetBalance will be available? I am willing to Beta test this or get involved in the development if it helps. I would be very eager to test this and I have a live test environment setup for testing bonded systems.

    2. What distribution is ZS built upon?

    3. Would you provide the core distribution of ZS as a general router distribution possibly with no web interface? A self-contained easy to deploy CF based Linux could be very useful for a range of projects.

    Finally, my particular interest is in bonded configurations and I see others are keen on this. I have a lot of experience in this area and I would be willing to create some documentation and setup guides if anyone would be interested in these.

    Thanks for all the work on ZS. This is an excellent project and I am very keen to see how this progresses.

    #45827

    imported_fulvio
    Participant

    @tucker wrote:

    1. Is there any suggestion on when NetBalance will be available? I am willing to Beta test this or get involved in the development if it helps. I would be very eager to test this and I have a live test environment setup for testing bonded systems.

    I know that without the net balancer, which allows routing decisions to be made based on iptables rules, it is not easy to use the VPN Bonding to increase the bandwidth.
    Next week the 1.0.beta7 release will be available; it will include the support for the Road Warrior VPN connections with OpenVPN. I decided to allow the use of OpenVPN also for Host-to-LAN VPN because I noticed that many users have difficulty configuring L2TP/IPSec clients.
    I will start to develop the 1.0.beta8 release in October and I hope to complete it in November. This release will include the NetBalancer module.

    @tucker wrote:

    2. What distribution is ZS built upon?

    I don’t use a pre-built distribution such as Debian, Fedora, …, but I usually compile the packages directly from source tar.gz.
    In any case, I started with Linux From Scratch.

    @tucker wrote:

    3. Would you provide the core distribution of ZS as a general router distribution possibly with no web interface? A self-contained easy to deploy CF based Linux could be very useful for a range of projects.

    Why? You don’t like ZeroShell’s web interface?

    @tucker wrote:

    Finally, my particular interest is in bonded configurations and I see others are keen on this. I have a lot of experience in this area and I would be willing to create some documentation and setup guides if anyone would be interested in these.

    Any documentation is welcome. Especially if the documentation is about the VPN bonding, on which many users ask for greater details, but I am too busy to answer.

    #45828

    tucker
    Member

    @fulvio wrote:

    @tucker wrote:

    1. Is there any suggestion on when NetBalance will be available? I am willing to Beta test this or get involved in the development if it helps. I would be very eager to test this and I have a live test environment setup for testing bonded systems.

    I know that without the net balancer, which allows routing decisions to be made based on iptables rules, it is not easy to use the VPN Bonding to increase the bandwidth.
    Next week the 1.0.beta7 release will be available; it will include the support for the Road Warrior VPN connections with OpenVPN. I decided to allow the use of OpenVPN also for Host-to-LAN VPN because I noticed that many users have difficulty configuring L2TP/IPSec clients.
    I will start to develop the 1.0.beta8 release in October and I hope to complete it in November. This release will include the NetBalancer module.

    I assume the NetBalancer module will provide an easy way to configure gateway selection based on destination UDP Port which is effectively what I did on CLI to test the function. This would be a great function and will make ZS a very useful tool!

    @tucker wrote:

    2. What distribution is ZS built upon?

    I don’t use a pre-built distribution such as Debian, Fedora, …, but I usually compile the packages directly from source tar.gz.
    In any case, I started with Linux From Scratch.

    I have done a few LFS builds but have always wanted to find a small, tight router distribution that could bring ease of development. Having said that, LFS is not that difficult once a development system is available (or indeed the LiveCD build system is used).

    @tucker wrote:

    3. Would you provide the core distribution of ZS as a general router distribution possibly with no web interface? A self-contained easy to deploy CF based Linux could be very useful for a range of projects.

    Why? You don’t like ZeroShell’s web interface?

    Quite the opposite! I love the GUI and it is a great tool to have. Keep up the great work on this! The only idea I had was to have a purely CLI system that would allow automated build and deployment based upon a central database. This would make management of multi-sites and remote deployment much easier. I had an idea that a “call home” feature for blank routers would allow easy download of a configuration.

    However it was just a thought and something I would have liked to play around with. ZS interface and ease of use is excellent and you have done a great job on this!

    @tucker wrote:

    Finally, my particular interest is in bonded configurations and I see others are keen on this. I have a lot of experience in this area and I would be willing to create some documentation and setup guides if anyone would be interested in these.

    Any documentation is welcome. Especially if the documentation is about the VPN bonding, on which many users ask for greater details, but I am too busy to answer.

    I will certainly help on this in due course. As soon as you get the NetBalancer module complete I will happily deploy test configurations and extensively test them on multi-line bonded DSL then document the information with setup guides etc.

    Thanks and I look forward to developments!

    TJ

    #45829

    darrenf
    Member

    Hi tucker, were you able to get bonding to work? I have set up two ZS boxes in my lab and created two VPNs between them then bonded them together (with bonding & fault tolerance) and it works very well until you unplug one of the links, so the fault tolerance part is not working for me.
    Have you tested the bonding with fault tolerance?

    #45830

    tucker
    Member

    Using the stock setup I did not get fault tolerance to work with bonding.

    I have done bonding many times with Linux and other tools – in fact I am working on a solution now. Fault tolerance is always the issue. On Linux I tend to do the bonding with teql driver. The solution I am working on now simply creates an ipencap tunnel between sites (using dest ip routing to select correct WAN) then creates a teql driver and enslaves the ipip tunnels. I then simply implement ping based link monitoring and when I see a lack of response from the remote end I remove the enslaved interface until it returns. Works quite well.

    I was able to implement this on ZS both at shell using the method outlined above. I was able to create this using part GUI to create the VPN etc. then use shell to fudge the netbalance stuff. I didn't add any link state monitoring on OpenVPN system as I didn't have time to look into how to dynamically add or remove the VPN links using shell.

    This is part of the reason I mentioned the query on ZS as a shell only tool and when the netbalance would be added to the GUI. I can see a lot of potential for this and ZS is an excellent package for this.

    BTW I have been thinking on bonding and clearly there is a lot of interest. I have ZS systems (along with my other bonding systems) installed in a data centre. I also have a /20 that I subnet and allocate to installed systems and can thus route allocations to routers that can then route them onwards. I have used this to deliver a block of IP from data centre to client-side ZS unit. At data centre I also have BGP routed transit at Tier-1 and can thus provide excellent routing to the Internet. At the head-end I have full access to our own DSL platform and can deploy ZS at head and tail end of the DSL service to provide a bonded DSL with full resilient routing.

    I already offer this service to a range of clients as we can also host servers at the head-end and have peering with VoIP interconnect etc. I had been contemplating the option to provide a ZS head-end bonding service providing bonded public Internet access. That is one of the reasons I have been so keen to test with ZS! I wonder would there be much interest for this as a general service rather than a specific solution.
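The ping-based link monitoring described in the post above (remove a tunnel from the teql bond when the remote end stops answering, re-add it when it returns), as an added example that is not code from the thread or from ZeroShell. The device names, peer address and the two thresholds are assumptions; the hysteresis keeps a single lost probe from flapping the bond.

```shell
# Added example: ping-based monitor for tunnels enslaved to a teql device.
# Assumed, not from the thread: device names, peer address, both thresholds.
TEQL=teql0
FAIL_LIMIT=3   # consecutive lost probes before the slave is removed
OK_LIMIT=2     # consecutive replies before it is enslaved again

# next_state STATE FAILS OKS RESULT -> prints "STATE FAILS OKS ACTION"
# STATE: up|down, RESULT: ok|fail, ACTION: none|remove|add
next_state() {
    state=$1 fails=$2 oks=$3 action=none
    if [ "$4" = ok ]; then
        fails=0; oks=$((oks + 1))
        if [ "$state" = down ] && [ "$oks" -ge "$OK_LIMIT" ]; then
            state=up; action=add
        fi
    else
        oks=0; fails=$((fails + 1))
        if [ "$state" = up ] && [ "$fails" -ge "$FAIL_LIMIT" ]; then
            state=down; action=remove
        fi
    fi
    echo "$state $fails $oks $action"
}

# replay "ok fail ...": feed recorded probe results, print the actions taken
replay() {
    st="up 0 0"; out=""
    for r in $1; do
        set -- $(next_state $st "$r")
        st="$1 $2 $3"
        [ "$4" = none ] || out="$out$4 "
    done
    echo "${out% }"
}

# monitor DEV PEER (e.g. monitor tun1 192.0.2.1 &): probe PEER via DEV each second
monitor() {
    dev=$1 peer=$2 st="up 0 0"
    while :; do
        if ping -c 1 -W 1 -I "$dev" "$peer" >/dev/null 2>&1; then r=ok; else r=fail; fi
        set -- $(next_state $st "$r")
        st="$1 $2 $3"
        case $4 in
            remove) tc qdisc del dev "$dev" root ;;          # leave the bond
            add)    tc qdisc add dev "$dev" root "$TEQL" ;;  # rejoin the bond
        esac
        sleep 1
    done
}
```

`replay` exercises the state machine offline with a recorded sequence of probe results, so the thresholds can be tuned without touching live interfaces; `monitor` needs root and an existing teql device.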
