irouter:vpn:sd-wan
SD-WAN 异地局域网互联
本篇主要介绍通过 SSLVPN/OpenVPN 实现异地局域网互联,关于 SSL VPN 的常规配置,请参考:SSL VPN
网络拓扑
环境要求:
总部需要有固定公网IP的外网线路(可以是PPPoE拨号接入,但IP必须是固定不变的)。
总部服务端配置
1. 配置 SSL VPN 服务端参数
2. 添加 VPN 账号
为每一个分公司创建不同的VPN账号。
应用-》本地认证账号-》新建账号:
账号属性中,需要填写分公司的局域网子网地址,且不能有重复:
如果分公司有多个子网,逗号分隔填写:
增加或修改SSLVPN 账号中的客户端子网后,需要重启VPN服务才生效,客户端会自动重连。
最后所有的账号创建完毕如下:
分公司路由配置
网络-》SSLVPN 隧道-》新建连接:
线路检测的PING目标需要填写 VPN 服务端的IP(VPN子网的第一个IP)
连接成功后,状态如下:
查看服务端推送的路由表是否正确:
查看互联状态
在总部服务端查看VPN客户端连接状态:
连通性测试
测试工具:工具-》PING 测试,依次测试如下项:
- 分公司路由上 PING 总部的VPN IP
- 分公司路由上 PING 总部局域网口 IP
- 分公司路由上 PING 总部局域网内其他设备的IP
- 分公司路由内网电脑 PING 总部局域网内网 IP (双方局域网内IP互访测试)
隧道带宽性能测试
1. 安装性能测试模块
应用-》模块-》检查更新,安装 benchmark 性能测试模块,总部和分公司路由均需安装。
2. IPerf 测试
总部开启 Iperf 服务端,分公司运行客户端:
3. 查看测试结果
默认测试时间为1分钟,测试结果显示在页面下方:
下载测试:
上传测试:
测试的时候在首页查看线路的实时流量:
VPN 带宽实战测试2
VPN服务端50M专线:
VPN客户端带宽测试:
下行带宽测试:
2020-08-19 09:36:17 IPerf3 客户端已启动, 目标 10.10.0.1:5201/TCP, 测试时长 60 秒 【反向测试/对方发包】 2020-08-19 09:37:18 测试完成 [ 5] 36.00-37.00 sec 5.32 MBytes 44.6 Mbits/sec [ 5] 37.00-38.00 sec 5.30 MBytes 44.5 Mbits/sec [ 5] 38.00-39.00 sec 5.32 MBytes 44.6 Mbits/sec [ 5] 39.00-40.00 sec 5.28 MBytes 44.3 Mbits/sec [ 5] 40.00-41.00 sec 4.31 MBytes 36.2 Mbits/sec [ 5] 41.00-42.00 sec 5.35 MBytes 44.9 Mbits/sec [ 5] 42.00-43.00 sec 4.96 MBytes 41.6 Mbits/sec [ 5] 43.00-44.00 sec 5.08 MBytes 42.6 Mbits/sec [ 5] 44.00-45.00 sec 4.49 MBytes 37.7 Mbits/sec [ 5] 45.00-46.00 sec 5.30 MBytes 44.5 Mbits/sec [ 5] 46.00-47.00 sec 5.31 MBytes 44.5 Mbits/sec [ 5] 47.00-48.00 sec 5.29 MBytes 44.4 Mbits/sec [ 5] 48.00-49.00 sec 5.31 MBytes 44.6 Mbits/sec [ 5] 49.00-50.00 sec 5.31 MBytes 44.6 Mbits/sec [ 5] 50.00-51.00 sec 5.18 MBytes 43.4 Mbits/sec [ 5] 51.00-52.00 sec 5.31 MBytes 44.6 Mbits/sec [ 5] 52.00-53.00 sec 4.94 MBytes 41.5 Mbits/sec [ 5] 53.00-54.00 sec 5.24 MBytes 44.0 Mbits/sec [ 5] 54.00-55.00 sec 5.30 MBytes 44.5 Mbits/sec [ 5] 55.00-56.00 sec 5.30 MBytes 44.5 Mbits/sec [ 5] 56.00-57.00 sec 5.31 MBytes 44.5 Mbits/sec [ 5] 57.00-58.00 sec 5.22 MBytes 43.8 Mbits/sec [ 5] 58.00-59.00 sec 5.30 MBytes 44.4 Mbits/sec [ 5] 59.00-60.00 sec 5.30 MBytes 44.4 Mbits/sec - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bandwidth Retr [ 5] 0.00-60.00 sec 310 MBytes 43.3 Mbits/sec 0 sender [ 5] 0.00-60.00 sec 309 MBytes 43.2 Mbits/sec receiver iperf Done.
上行带宽测试:
2020-08-19 09:44:22 IPerf3 客户端已启动, 目标 10.10.0.1:5201/TCP, 测试时长 60 秒【本地发包】 2020-08-19 09:45:23 测试完成 [ 5] 36.00-37.00 sec 5.17 MBytes 43.4 Mbits/sec 0 116 KBytes [ 5] 37.00-38.00 sec 5.17 MBytes 43.4 Mbits/sec 0 123 KBytes [ 5] 38.00-39.00 sec 3.88 MBytes 32.5 Mbits/sec 0 60.4 KBytes [ 5] 39.00-40.00 sec 4.31 MBytes 36.1 Mbits/sec 0 108 KBytes [ 5] 40.00-41.00 sec 5.17 MBytes 43.4 Mbits/sec 0 113 KBytes [ 5] 41.00-42.00 sec 5.17 MBytes 43.4 Mbits/sec 1 99.8 KBytes [ 5] 42.00-43.00 sec 3.88 MBytes 32.5 Mbits/sec 0 110 KBytes [ 5] 43.00-44.00 sec 5.17 MBytes 43.4 Mbits/sec 0 131 KBytes [ 5] 44.00-45.00 sec 5.17 MBytes 43.4 Mbits/sec 0 105 KBytes [ 5] 45.00-46.00 sec 5.17 MBytes 43.4 Mbits/sec 0 113 KBytes [ 5] 46.00-47.00 sec 4.74 MBytes 39.7 Mbits/sec 0 99.8 KBytes [ 5] 47.00-48.00 sec 4.31 MBytes 36.1 Mbits/sec 0 108 KBytes [ 5] 48.00-49.00 sec 5.17 MBytes 43.4 Mbits/sec 0 110 KBytes [ 5] 49.00-50.00 sec 3.01 MBytes 25.3 Mbits/sec 0 86.6 KBytes [ 5] 50.00-51.00 sec 4.31 MBytes 36.1 Mbits/sec 0 94.5 KBytes [ 5] 51.00-52.00 sec 5.17 MBytes 43.4 Mbits/sec 0 91.9 KBytes [ 5] 52.00-53.00 sec 5.17 MBytes 43.4 Mbits/sec 0 81.4 KBytes [ 5] 53.00-54.00 sec 5.17 MBytes 43.4 Mbits/sec 0 91.9 KBytes [ 5] 54.00-55.00 sec 5.17 MBytes 43.4 Mbits/sec 0 91.9 KBytes [ 5] 55.00-56.00 sec 3.01 MBytes 25.3 Mbits/sec 0 49.9 KBytes [ 5] 56.00-57.00 sec 5.17 MBytes 43.4 Mbits/sec 0 113 KBytes [ 5] 57.00-58.00 sec 5.17 MBytes 43.4 Mbits/sec 0 94.5 KBytes [ 5] 58.00-59.00 sec 5.17 MBytes 43.4 Mbits/sec 0 91.9 KBytes [ 5] 59.00-60.00 sec 3.01 MBytes 25.3 Mbits/sec 0 28.9 KBytes - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bandwidth Retr [ 5] 0.00-60.00 sec 289 MBytes 40.4 Mbits/sec 1 sender [ 5] 0.00-60.00 sec 288 MBytes 40.3 Mbits/sec receiver iperf Done.
VPN客户端访问VPN服务端局域网内文件共享服务器:
小结:50Mbps 带宽,VPN能跑到 40~44Mbps
irouter/vpn/sd-wan.txt · 最后更改: 2022/10/22 09:06 由 muddyboot
Copyright © 2014-2020 版权所有 (MoreQuick Networs Co., Ltd. All rights reserved)
本系统由 秒开 iRouter &
在阿里云上强力驱动