Configure VPN between TAS and Test Server


VPN support between the TAS and the Test Server (TS) simplifies connectivity across firewalls. This option reduces the number of UDP ports that must be open between the TAS and the Test Server: all sockets and UDP connections between the TAS and the Test Server are carried inside the VPN connection. You must establish an SSH session before you can begin the TAS/TS configuration.

OpenVPN listens on port 1194 on both the TAS and the TS.

Establish VPN connection between TAS and Test Server

Enable VPN Server

#########

Setup Server:

SSH to the test server, log in as cfguser, and run ipcfg:

 

##>ipcfg

Note: Do not terminate this Utility, otherwise it can lead to system instability!

Do you wish to Continue (yes/no) [no]: yes                       

TS related processes detected: 0/0.

Stopping Test Server.

### Killing Test Server

 

NOTE - Preferred management port is eth0

 

Designate TAS management port (eth0/eth0v6 -- eth0/eth0v6) [eth0]:

Configure TAS IP Address mode (static/dynamic) [static]:

<eth0> TAS IP Address [MyTasIPAddress]:

<eth0> TAS Network Mask [255.255.255.0]:

<eth0> TAS Auto Negotiate? (yes/no) [yes]:

<eth0> TAS IP Gateway [GatewayIPAddress]:

TAS Host Name [MyTas]:

TAS Enable DNS? (yes/no) [no]:

Modify VPN Service status (yes/no)? [no]: yes                  <- User must enter yes to enable or disable VPN

VPN Server Service (enable/disable) [enable]:                 <- enable/disable option

Enter the VPN server ipaddress [10.8.0.0]:                           <- Server VPN IP Address

Enter the VPN server netmask [255.255.255.0]:                 <- Server VPN Network Mask

TAS Time Sync Protocol (ntp/ptp) [ntp]:                                              

TAS NTP Server IP [NTPServerIPAddress]:                                           

 

System must be rebooted for these changes to take effect... Reboot now? (yes/no) [yes]:

 

Broadcast message from cfguser@Coast190

        (/dev/pts/0) at 17:24 ...

The system is going down for reboot NOW!

##>

Disable VPN Server:

#########

SSH to the test server, log in as cfguser, and run ipcfg:

 

##>ipcfg

Note: Do not terminate this Utility, otherwise it can lead to system instability!

Do you wish to Continue (yes/no) [no]: yes

TS related processes detected: 1/1.

Stopping Test Server (waiting 10 seconds).

### Killing Test Server

 

NOTE - Preferred management port is eth0

 

Designate TS management port (eth0/eth0v6 -- eth3/eth3v6) [eth0]:

Configure TS IP Address mode (static/dynamic) [static]:

<eth0> TS IP Address [10.71.13.52]:

<eth0> TS Network Mask [255.255.255.0]:

<eth0> TS Auto Negotiate? (yes/no) [yes]:

<eth0> TS IP Gateway [10.71.13.1]:

TS Host Name [kvm52]:

Configure TAS IP Address mode (static/dynamic) [static]:

TAS IP Address [10.71.30.190]: 10.71.13.50

Modify VPN Service status (yes/no)? [no]: yes                  <-User must enter yes to enable or disable VPN

VPN Client Service (enable/disable) [enable]: disable       <-enable/disable option

TS Time Sync Protocol (ntp/ptp) [ntp]:

TS NTP Server IP [10.71.30.254]:

 

System must be rebooted for these changes to take effect... Reboot now? (yes/no) [yes]:

 

Broadcast message from cfguser@Coast190

        (/dev/pts/0) at 17:24 ...

The system is going down for reboot NOW!

##>

 

Enable VPN Client

########

Setup Client:

SSH to the TS, log in as cfguser, and run ipcfg:

 

##>ipcfg

Note: Do not terminate this Utility, otherwise it can lead to system instability!

Do you wish to Continue (yes/no) [no]: yes

TS related processes detected: 1/4.

Stopping Test Server (waiting 10 seconds).

### Killing Test Server

 

NOTE - Preferred management port is eth0

 

Designate TS management port (eth0/eth0v6 -- eth9/eth9v6) [eth0]:

Configure TS IP Address mode (static/dynamic) [static]:

<eth0> TS IP Address [10.71.30.44]:

<eth0> TS Network Mask [255.255.255.0]:

<eth0> TS Auto Negotiate? (yes/no) [yes]:

<eth0> TS IP Gateway [10.71.30.1]:

TS Host Name [Coast44]:

Configure TAS IP Address mode (static/dynamic) [static]:

TAS IP Address [10.71.30.190]:

Modify VPN Service status (yes/no)? [no]: yes                  <- User must enter yes to enable or disable VPN

VPN Client Service (enable/disable) [disable]: enable       <- enable/disable option

Enter the Unique VPN Clientid []: 100                                <- VPN Client id

Enter the host ipaddress (vpn server) []: 10.71.30.190    <- Server IP Address

TS Time Sync Protocol (ntp/ptp) [ntp]:

TS NTP Server IP [10.71.30.254]:

System must be rebooted for these changes to take effect... Reboot now? (yes/no) [yes]:

 

Broadcast message from cfguser@Coast190

        (/dev/pts/0) at 17:24 ...

The system is going down for reboot NOW!

##>

 

Note: Make sure the VPN ClientId is unique across Test Servers.
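A pre-flight check on the answers planned for ipcfg, added here as an example (it is not part of the product or of the original procedure): it flags a VPN Clientid reused across Test Servers, a client whose "host ipaddress (vpn server)" is not the TAS management address, and a VPN subnet that overlaps a management subnet. The dictionary keys, the hosts ts-lab-2 and ts-lab-3 and the overlap rule are assumptions of this example; the other values come from the transcripts above.

```python
import ipaddress
from collections import defaultdict

def check_vpn_plan(server, clients):
    """Return a list of problems in the answers planned for ipcfg."""
    problems = []
    vpn_net = ipaddress.ip_network(
        f"{server['vpn_ip']}/{server['vpn_netmask']}", strict=False)
    tas = ipaddress.ip_interface(f"{server['mgmt_ip']}/{server['mgmt_netmask']}")
    # Assumption of this example: the tunnel subnet must stay distinct from
    # every management subnet, otherwise routes to the two become ambiguous.
    if vpn_net.overlaps(tas.network):
        problems.append(f"VPN subnet {vpn_net} overlaps TAS subnet {tas.network}")
    hosts_by_id = defaultdict(list)
    for ts in clients:
        hosts_by_id[ts["client_id"]].append(ts["host"])
        mgmt = ipaddress.ip_interface(f"{ts['mgmt_ip']}/{ts['mgmt_netmask']}")
        if vpn_net.overlaps(mgmt.network):
            problems.append(f"{ts['host']}: subnet {mgmt.network} overlaps VPN subnet {vpn_net}")
        # In the transcript the "host ipaddress (vpn server)" answer equals the TAS IP.
        if ipaddress.ip_address(ts["vpn_server"]) != tas.ip:
            problems.append(f"{ts['host']}: VPN server {ts['vpn_server']} is not the TAS ({tas.ip})")
    for client_id, hosts in sorted(hosts_by_id.items()):
        if len(hosts) > 1:
            problems.append(f"VPN Clientid {client_id} reused by {', '.join(hosts)}")
    return problems

# Constructed sample plan. Keys are names chosen for this example, not ipcfg
# parameters; ts-lab-2 and ts-lab-3 are hypothetical hosts with seeded mistakes.
SAMPLE_SERVER = {"mgmt_ip": "10.71.30.190", "mgmt_netmask": "255.255.255.0",
                 "vpn_ip": "10.8.0.0", "vpn_netmask": "255.255.255.0"}
SAMPLE_CLIENTS = [
    {"host": "Coast44", "mgmt_ip": "10.71.30.44", "mgmt_netmask": "255.255.255.0",
     "client_id": "100", "vpn_server": "10.71.30.190"},
    {"host": "ts-lab-2", "mgmt_ip": "10.71.13.52", "mgmt_netmask": "255.255.255.0",
     "client_id": "100", "vpn_server": "10.71.30.190"},
    {"host": "ts-lab-3", "mgmt_ip": "10.8.0.20", "mgmt_netmask": "255.255.255.0",
     "client_id": "101", "vpn_server": "10.71.30.19"},
]

if __name__ == "__main__":
    for problem in check_vpn_plan(SAMPLE_SERVER, SAMPLE_CLIENTS):
        print(problem)
```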

Disable VPN Client

########

##>ipcfg

Note: Do not terminate this Utility, otherwise it can lead to system instability!

Do you wish to Continue (yes/no) [no]: yes

TS related processes detected: 1/4.

Stopping Test Server (waiting 10 seconds).

### Killing Test Server

 

NOTE - Preferred management port is eth0

 

Designate TS management port (eth0/eth0v6 -- eth9/eth9v6) [eth0]:

Configure TS IP Address mode (static/dynamic) [static]:

<eth0> TS IP Address [10.71.30.44]:

<eth0> TS Network Mask [255.255.255.0]:

<eth0> TS Auto Negotiate? (yes/no) [yes]:

<eth0> TS IP Gateway [10.71.30.1]:

TS Host Name [Coast44]:

Configure TAS IP Address mode (static/dynamic) [static]:

TAS IP Address [10.71.30.190]:

Modify VPN Service status (yes/no)? [no]: yes

VPN Client Service (enable/disable) [enable]: disable

TS Time Sync Protocol (ntp/ptp) [ntp]:

TS NTP Server IP [10.71.30.254]:

System must be rebooted for these changes to take effect... Reboot now? (yes/no) [yes]: yes

dpkg-query: no packages found matching cloud-init

 

Broadcast message from cfguser@Coast44

        (/dev/pts/1) at 11:26 ...

 

The system is going down for reboot NOW!

 

Broadcast message from cfguser@Coast44

        (/dev/pts/1) at 11:26 ...

 

The system is going down for reboot NOW!

 

////////////////////////////////////////////////////////////////////

Test Server Administration Dialog with VPN link established:

The presence of the Non-VPN Public Address field indicates that a VPN is being used between the TAS and TS.

 

VPN-enabled Test Server: If you attempt to change the configuration of a VPN-enabled Test Server, you may receive an error indicating "The TS is using a VPN to communicate with the TAS, the TAS IP address will not be changed. When the configuration is applied, the TS will stay connected to the current TAS".

 

Recycle, Upgrade, and Configure a Test Server: these do not require direct access and will execute via the VPN link.

Connect, Logs, and Debug/Trace a Test Server: these require direct access and, depending on the customer network, may require the use of a "Non-VPN Public Address". When the VPN is enabled, the TS is provisioned within the TAS using the private VPN IP address, and the TAS expects to send and receive data using that IP address. However, some utilities in the Landslide Client require a direct connection from the Client to the TS, and because that private address is probably not routable by the client, it cannot be used for them. The TS therefore also sends its real management IP address to the TAS, and the TAS provides this to the Client. When a user attempts to change Debug/Trace, retrieve the TS logs, or connect to the TS, they will be prompted to choose between the private or public IP address:

See Ping test to verify which connection to use.

Ping test to verify connection: