Monday 20 April 2020 (Modified Monday 20 April 2020)

Links

iperf: network performance test between 2 servers

Client: 51.75.120.106
Server: 5.2.79.107

iperf

Install the iperf3 application on both machines.

Server
The server must have port 5201 open; run:

iperf3 -s
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------

What appears when a client runs the test:

Accepted connection from 51.75.120.106, port 51906
[  5] local 5.2.79.107 port 5201 connected to 51.75.120.106 port 51908
[ ID] Interval           Transfer     Bandwidth
[  5]   0.00-1.00   sec  10.9 MBytes  91.2 Mbits/sec                  
[  5]   1.00-2.00   sec  11.7 MBytes  97.9 Mbits/sec                  
[  5]   2.00-3.00   sec  11.7 MBytes  97.8 Mbits/sec                  
[  5]   3.00-4.00   sec  11.7 MBytes  97.8 Mbits/sec                  
[  5]   4.00-5.00   sec  11.7 MBytes  97.9 Mbits/sec                  
[  5]   5.00-6.00   sec  11.7 MBytes  97.9 Mbits/sec                  
[  5]   6.00-7.00   sec  11.7 MBytes  97.8 Mbits/sec                  
[  5]   7.00-8.00   sec  11.7 MBytes  97.8 Mbits/sec                  
[  5]   8.00-9.00   sec  11.7 MBytes  97.8 Mbits/sec                  
[  5]   9.00-10.00  sec  11.7 MBytes  97.8 Mbits/sec                  
[  5]  10.00-10.09  sec  1.02 MBytes  97.7 Mbits/sec                  

It keeps listening on port 5201

- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth
[  5]   0.00-10.09  sec  0.00 Bytes  0.00 bits/sec                  sender
[  5]   0.00-10.09  sec   117 MBytes  97.2 Mbits/sec                  receiver
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------

Client
Run:

iperf3 -c 5.2.79.107
Connecting to host 5.2.79.107, port 5201
[  4] local 51.75.120.106 port 51908 connected to 5.2.79.107 port 5201
[ ID] Interval           Transfer     Bandwidth       Retr  Cwnd
[  4]   0.00-1.00   sec  15.1 MBytes   127 Mbits/sec   34    669 KBytes       
[  4]   1.00-2.00   sec  11.6 MBytes  97.5 Mbits/sec    0    752 KBytes       
[  4]   2.00-3.00   sec  11.7 MBytes  98.0 Mbits/sec    0    813 KBytes       
[  4]   3.00-4.00   sec  11.6 MBytes  97.5 Mbits/sec    0    857 KBytes       
[  4]   4.00-5.00   sec  11.7 MBytes  98.0 Mbits/sec   10    642 KBytes       
[  4]   5.00-6.00   sec  11.7 MBytes  98.0 Mbits/sec    0    684 KBytes       
[  4]   6.00-7.00   sec  11.7 MBytes  98.0 Mbits/sec    0    711 KBytes       
[  4]   7.00-8.00   sec  11.6 MBytes  97.5 Mbits/sec    0    727 KBytes       
[  4]   8.00-9.00   sec  11.6 MBytes  97.5 Mbits/sec    0    732 KBytes       
[  4]   9.00-10.00  sec  11.7 MBytes  98.0 Mbits/sec    0    734 KBytes       
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth       Retr
[  4]   0.00-10.00  sec   120 MBytes   101 Mbits/sec   44             sender
[  4]   0.00-10.00  sec   117 MBytes  98.0 Mbits/sec                  receiver

iperf Done.

For information, performance from home is disastrous because the maximum upload is below 1 MB

iperf3 -c 5.2.79.107
Connecting to host 5.2.79.107, port 5201
[  5] local 10.15.0.3 port 44378 connected to 5.2.79.107 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec   159 KBytes  1.30 Mbits/sec    0   40.7 KBytes       
[  5]   1.00-2.00   sec   134 KBytes  1.10 Mbits/sec    0   46.0 KBytes       
[  5]   2.00-3.00   sec  94.6 KBytes   775 Kbits/sec    0   49.9 KBytes       
[  5]   3.00-4.00   sec  99.9 KBytes   818 Kbits/sec    0   57.8 KBytes       
[  5]   4.00-5.00   sec   198 KBytes  1.63 Mbits/sec    0   76.2 KBytes       
[  5]   5.00-6.00   sec   122 KBytes  1.00 Mbits/sec    0    105 KBytes       
[  5]   6.00-7.00   sec   192 KBytes  1.57 Mbits/sec   10   98.6 KBytes       
[  5]   7.00-8.00   sec  0.00 Bytes  0.00 bits/sec   17   11.8 KBytes       
[  5]   8.00-9.00   sec   189 KBytes  1.55 Mbits/sec    0   96.0 KBytes       
[  5]   9.00-10.00  sec  0.00 Bytes  0.00 bits/sec    5   76.2 KBytes       
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec  1.16 MBytes   974 Kbits/sec   32             sender
[  5]   0.00-10.00  sec   887 KBytes   727 Kbits/sec                  receiver

iperf Done.

cinay.eu without the firewall

iperf3 -c 5.2.79.107 #-p 2323

client cinay.eu

Connecting to host 5.2.79.107, port 5201
[  5] local 54.37.13.57 port 36112 connected to 5.2.79.107 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec  13.9 MBytes   117 Mbits/sec   96    758 KBytes       
[  5]   1.00-2.00   sec  11.6 MBytes  97.5 Mbits/sec    0    841 KBytes       
[  5]   2.00-3.00   sec  11.8 MBytes  99.0 Mbits/sec   10    632 KBytes       
[  5]   3.00-4.00   sec  11.6 MBytes  97.5 Mbits/sec    0    683 KBytes       
[  5]   4.00-5.00   sec  11.6 MBytes  97.5 Mbits/sec    0    714 KBytes       
[  5]   5.00-6.00   sec  11.6 MBytes  97.5 Mbits/sec    0    735 KBytes       
[  5]   6.00-7.00   sec  11.6 MBytes  97.5 Mbits/sec    0    744 KBytes       
[  5]   7.00-8.00   sec  11.6 MBytes  97.5 Mbits/sec    0    747 KBytes       
[  5]   8.00-9.00   sec  11.6 MBytes  97.5 Mbits/sec    0    747 KBytes       
[  5]   9.00-10.00  sec  11.6 MBytes  97.5 Mbits/sec    0    747 KBytes       
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec   119 MBytes  99.6 Mbits/sec  106             sender
[  5]   0.00-10.00  sec   117 MBytes  98.0 Mbits/sec                  receiver

iperf Done.

server xoyaz.xyz

-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
Accepted connection from 54.37.13.57, port 36110
[  5] local 5.2.79.107 port 5201 connected to 54.37.13.57 port 36112
[ ID] Interval           Transfer     Bandwidth
[  5]   0.00-1.00   sec  10.8 MBytes  90.5 Mbits/sec                  
[  5]   1.00-2.00   sec  11.7 MBytes  97.9 Mbits/sec                  
[  5]   2.00-3.00   sec  11.7 MBytes  97.9 Mbits/sec                  
[  5]   3.00-4.00   sec  11.7 MBytes  98.0 Mbits/sec                  
[  5]   4.00-5.00   sec  11.7 MBytes  97.9 Mbits/sec                  
[  5]   5.00-6.00   sec  11.7 MBytes  97.9 Mbits/sec                  
[  5]   6.00-7.00   sec  11.7 MBytes  98.0 Mbits/sec                  
[  5]   7.00-8.00   sec  11.7 MBytes  97.9 Mbits/sec                  
[  5]   8.00-9.00   sec  11.7 MBytes  98.0 Mbits/sec                  
[  5]   9.00-10.00  sec  11.7 MBytes  97.9 Mbits/sec                  
[  5]  10.00-10.09  sec  1.03 MBytes  98.0 Mbits/sec                  
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth
[  5]   0.00-10.09  sec  0.00 Bytes  0.00 bits/sec                  sender
[  5]   0.00-10.09  sec   117 MBytes  97.2 Mbits/sec                  receiver

SSHFS

How To Mount a Remote Directory With SSHFS on a Linux

Application installed on both the client and the server: sudo apt install sshfs

Create an SSHFS network link between the client cinay.eu and the server xoyaz.xyz

cinay.eu
Generate a curve25519-sha256 key pair (ECDH with Curve25519 and SHA2) named xoyaz_ed25519 for an SSH link with the KVM server.

ssh-keygen -t ed25519 -o -a 100 -f ~/.ssh/xoyaz_ed25519

Add the public key to the ~/.ssh/authorized_keys file of the backup server xoyaz.xyz
Connect to the backup server xoyaz.xyz from an authorized terminal

ssh usernl@5.2.79.107 -p 55036 -i /home/yannick/.ssh/OVZ-STORAGE-128 # SSH connection to the backup server from PC1

cat >> ~/.ssh/authorized_keys

Copy and paste the contents of the public key file (~/.ssh/xoyaz_ed25519.pub on the cinay.eu machine) into this terminal, then press [Ctrl]+[D] to confirm.

Connection test

ssh -p 55036 -i /home/wguser/.ssh/xoyaz_ed25519 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null usernl@xoyaz.xyz
Linux backup 2.6.32-042stab140.1 #1 SMP Thu Aug 15 13:32:22 MSK 2019 x86_64
  _               _                          
 | |__  __ _  __ | |__ _  _  _ __            
 | '_ \/ _` |/ _|| / /| || || '_ \           
 |_.__/\__,_|\__||_\_\ \_,_|| .__/           
 __ __ ___  _  _  __ _  ___ |_|_ __ _  _  ___
 \ \ // _ \| || |/ _` ||_ / _ \ \ /| || ||_ /
 /_\_\\___/ \_, |\__,_|/__|(_)/_\_\ \_, |/__|
            |__/                    |__/     
Last login: Sun Apr 12 15:48:22 2020 from 193.32.126.152

Install SSHFS

sudo apt install sshfs

Create a mount directory

sudo mkdir -p /srv/music
sudo chown -R $USER:$USER /srv/music

Mount the remote directory /home/usernl/backup/musique on the local directory /srv/music

sshfs usernl@xoyaz.xyz:/home/usernl/backup/musique /srv/music -C -p 55036 -oIdentityFile=/home/wguser/.ssh/xoyaz_ed25519

On first launch

The authenticity of host '[xoyaz.xyz]:55036 ([2a04:52c0:101:7ae::7a5e]:55036)' can't be established.
ECDSA key fingerprint is SHA256:PDXQBhTh4oj0cSzgnjCun+J60JDUEk7VeLH2YHZbwMc.
Are you sure you want to continue connecting (yes/no)? yes
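
Added example, not part of the original page: the fingerprint in the prompt above is the SHA-256 hash of the server's public key blob, base64-encoded without padding, so it can be recomputed from a key line and compared with a value read on the server itself before answering yes. The sample key line and the function names are constructed for this illustration.

```python
import base64
import hashlib
import hmac
import struct

# Fingerprint from the first-launch prompt above (the value the client displayed).
PAGE_FINGERPRINT = "SHA256:PDXQBhTh4oj0cSzgnjCun+J60JDUEk7VeLH2YHZbwMc"

def _ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used inside SSH public key blobs."""
    return struct.pack(">I", len(data)) + data

# Constructed sample host key, NOT the real key of xoyaz.xyz: an ssh-ed25519
# blob whose 32 key bytes are 0..31, laid out like a known_hosts line.
SAMPLE_BLOB = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))
SAMPLE_LINE = "[xoyaz.xyz]:55036 ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode()

def fingerprint(line: str) -> str:
    """SHA256 fingerprint of a 'host keytype base64' or 'keytype base64' line."""
    fields = line.split()
    idx = next((i for i, f in enumerate(fields[:-1])
                if f.startswith(("ssh-", "ecdsa-"))), None)
    if idx is None:
        raise ValueError("no public key found on this line")
    keytype, blob = fields[idx], base64.b64decode(fields[idx + 1], validate=True)
    # The blob carries its own type string; it must agree with the line.
    (n,) = struct.unpack_from(">I", blob, 0)
    if blob[4:4 + n] != keytype.encode():
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_key_matches(line: str, expected: str) -> bool:
    """True only if the offered key hashes to the expected fingerprint."""
    return hmac.compare_digest(fingerprint(line), expected)
```
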

Check the music directory

Allow root to access FUSE mounts

There are places that even root cannot reach. One of them is a FUSE-mounted volume. I discovered this when I tried to access an sshfs-mounted directory as root and was denied permission.

# ls /home/user/dossier
ls: impossible d'accéder à '/home/user/dossier': Permission non accordée

To work around this problem, do the following (which I learned by looking into it on Server Fault):

  1. Add user_allow_other to the /etc/fuse.conf file
  2. Run sshfs (or any other FUSE mount command) with the -o allow_root option

DNS analysis

Analysis of UDP frames on port 53, using tcpdump on the server and Wireshark locally

On the server, install tcpdump (sudo apt install tcpdump) and start listening, capturing port 53 on the WireGuard interface wg0

sudo tcpdump -i wg0 port 53 -w basic_dns.pcap
tcpdump: listening on wg0, link-type RAW (Raw IP), capture size 262144 bytes
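
Added example, not part of the original page: a minimal reader for a capture such as basic_dns.pcap that lists the source address, name and type of each DNS query. It assumes the classic little-endian pcap format with link-type RAW (no Ethernet header, as on wg0) and one question per packet; the sample capture and the function names are constructed for this illustration.

```python
import ipaddress
import struct

def build_sample_pcap() -> bytes:
    """Constructed capture: one IPv4/UDP query for example.org, link-type RAW."""
    qname = b"".join(bytes([len(lab)]) + lab for lab in (b"example", b"org")) + b"\x00"
    dns = struct.pack(">6H", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)
    udp = struct.pack(">4H", 40000, 53, 8 + len(dns), 0) + dns
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([10, 0, 0, 2]), bytes([10, 0, 0, 1])) + udp
    file_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 101)
    return file_hdr + struct.pack("<4I", 0, 0, len(ip), len(ip)) + ip

def _query(pkt: bytes) -> list:
    """Return [(source, qname, qtype)] for a UDP/53 query, else []."""
    version = pkt[0] >> 4
    if version == 4:
        hlen, proto, src = (pkt[0] & 0x0F) * 4, pkt[9], pkt[12:16]
    elif version == 6:  # fixed header only; extension headers are not followed
        hlen, proto, src = 40, pkt[6], pkt[8:24]
    else:
        return []
    (dport,) = struct.unpack_from(">H", pkt, hlen + 2)
    dns = pkt[hlen + 8:]
    _txid, flags, qdcount = struct.unpack_from(">3H", dns, 0)
    if proto != 17 or dport != 53 or flags & 0x8000 or qdcount < 1:  # UDP/53 queries only
        return []
    labels, i = [], 12
    while dns[i]:
        if dns[i] & 0xC0:  # compression pointers do not belong in a question
            raise IndexError("unexpected label type")
        labels.append(dns[i + 1:i + 1 + dns[i]].decode("ascii", "replace"))
        i += 1 + dns[i]
    (qtype,) = struct.unpack_from(">H", dns, i + 1)
    return [(str(ipaddress.ip_address(src)), ".".join(labels), qtype)]

def dns_queries(pcap: bytes) -> list:
    """List the DNS questions found in a little-endian, raw-IP pcap file."""
    magic, *_, linktype = struct.unpack_from("<IHHiIII", pcap, 0)
    if magic != 0xA1B2C3D4 or linktype not in (101, 12):
        raise ValueError("expected a little-endian pcap with link-type RAW")
    found, off = [], 24
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<4I", pcap, off)[2]
        pkt, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        try:
            found += _query(pkt)
        except (struct.error, IndexError, ValueError):
            pass  # truncated or malformed packet: skip it, keep reading
    return found
```
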