Server Installation 2021

[Penri]

It’s going to have to fit around the others things going on given the ongoing situation, I’ll post when I’ve done it.
Penri

[TerryJC]

Penri installed the server this morning, but it didn't work. I'm fairly sure that I identified the mistake that I made when I made the CA Cert and have now retrieved the hardware and rectified the problem. The one thing that I can't test when the server is running in my work room is connecting to the server when it is running at WMT.

I'll be returning the hardware to Penri tomorrow morning.

[TerryJC]

Since the last posting I've been in communication with the author of PiStrong and he has helped me identify the problem. Fundamentally. it comes down to two things; there have been some changes to the script makeMyCa, which weren't reflected into the Installation Spec that I wrote in June 2020. So when I installed the software this time, there were errors in the answers that I gave to the queries in the script which confused it into generating User Certs for the wrong Domain. The moral of the story; make sure that you fully understand what a piece of software is doing before you use it.

The good news is that the author has taken on board a couple of suggestions and will improve the interface to avoid this problem in the future.

So the VPN Server is now installed and running, although it gives access to nothing at the moment because the Big Switch is powered down. I would have expected to be able to connect to the Webserver on 192.168.0.1, but I can't, so I need to pursue that next week.

Penri,

The next time you are in, could you check that the Webserver Pi is powered and connected to the two switches?

I have prepared User Certs for Hamish and Patrick that will allow connections to the new server. I will forward those shortly by the usual methos.

[Penri]

Terry

I will check of course but short of accidentally disturbing something I didn’t touch the web server or it’s connections.

Penri

[TerryJC]

Penri,

Have you had a chance to look at this? It occurs to me that the Pi may have powered down under the control of the UPS and not restarted again.

[Penri]

Terry

Not yet, I’m haven’t been in today so will make time tomorrow.

Penri

[hamishmb]

While I was setting my desktop up for the VPN, I noticed a couple of errors in the installation spec when 192.169 was used instead of 192.168. I have corrected these and bumped the issue number to 0.2, new document attached for review.

[TerryJC]

Thanks Hamish,

I've uploaded it to the fileserver.

[hamishmb]

Here are the speed test and latency results for the VPN system now it is in-situ back at WMT.

Pinging VPN server (network connection is down at the moment due to maintenance):

Code: Select all

PING 192.168.0.30 (192.168.0.30) 56(84) bytes of data.
64 bytes from 192.168.0.30: icmp_seq=1 ttl=64 time=30.7 ms
64 bytes from 192.168.0.30: icmp_seq=2 ttl=64 time=21.8 ms
64 bytes from 192.168.0.30: icmp_seq=3 ttl=64 time=21.4 ms
64 bytes from 192.168.0.30: icmp_seq=4 ttl=64 time=21.9 ms
64 bytes from 192.168.0.30: icmp_seq=5 ttl=64 time=22.0 ms

--- 192.168.0.30 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 21.433/23.581/30.737/3.582 ms

Roughly comparable to when the kit was at Terry's.

speedtest-cli from VPN server:

Code: Select all

Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by Upp Corporation Ltd (London) [1.28 km]: 1592.191 ms
Testing download speed................................................................................
Download: 10.75 Mbit/s
Testing upload speed......................................................................................................
Upload: 3.96 Mbit/s

Better than it used to be, but not by much. The absurdly long ping time suggests that latency/connection stability is still a problem, but the SSH connection is much more responsive than it was with the Pi 1.

Transferring a 50MiB zero-filled file from and to the VPN Server (/tmp to avoid SD card limitations):

From VPN Server:

Code: Select all

zero.img                                      100%   50MB 931.1KB/s   00:54

Loses out slightly to Terry's network connection, but not by much.

To VPN Server:

Code: Select all

zero.img                                      100%   50MB   1.7MB/s   00:29

Not bad at all!

One CPU core of the VPN Server was pegged during the download from the VPN Server, so I suspect that is the bottleneck, but it is more than usable as it is. I guess receiving and un-encrypting the data over SCP might be quicker than encrypting it, hence the faster upload speed?

Bear in mind that my VDSL connection's upload maxes out at about 2 MB/s up (about average) so the upload speed is pretty excellent.

[hamishmb]

NB: WMT-Webserver still seems to be down, cannot ping and "no route to host" received when trying to SSH in.