Open Source Alternatives – Page 2

After a LONG hiatus, I’m finally starting to work on my Open Source implementation of DMVPN, again. So far, I’ve started off by taking the OpenNHRP source code and building RPM files. I made no changes to the source code itself. Heck, I don’t even consider myself a developer. I just built the RPM binaries so that a person could build a DMVPN device without needing to have developer tools installed on the device itself. It should be a little more secure that way. :)

Currently, the RPM files are being built in a CentOS 6 x86_64 environment. However, if this is something that people like, I will entertain building the RPM’s for 32 bit environment or possibly deb packages for ubuntu / debian based environments.

The binary and source RPM’s are available right now! I’m still testing them to make sure everything is working properly. You can get the package by installing the repository:

[root@server ~]# <span style="background-color: lime;">curl http://tools.packetgeek.net/pgn.repo -o /etc/yum.repos.d/pgn.repo</span>
[root@server ~]# <span style="background-color: lime;">yum search opennhrp</span>
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: centosmirror.quintex.com
 * extras: centosmirror.quintex.com
 * updates: centosmirror.quintex.com
<span style="background-color: yellow;">============================================================ N/S Matched: opennhrp ============================================================
opennhrp.x86_64 : OpenNHRP implements NBMA Next Hop Resolution Protocol (as defined in RFC 2332). It makes it possible to create dynamic
                : multipoint VPN Linux router using NHRP, GRE and IPsec. It aims to be Cisco DMVPN compatible.</span>

  Name and summary matches only, use "search all" for everything.
[root@server ~]# <span style="background-color: lime;">yum install opennhrp</span>
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: centosmirror.quintex.com
 * extras: centosmirror.quintex.com
 * updates: centosmirror.quintex.com
Setting up Install Process
Resolving Dependencies
--&gt; Running transaction check
---&gt; Package opennhrp.x86_64 0:0.13.1-1.el6 will be installed
--&gt; Processing Dependency: libcares.so.2()(64bit) for package: opennhrp-0.13.1-1.el6.x86_64
--&gt; Running transaction check
---&gt; Package c-ares.x86_64 0:1.7.0-6.el6 will be installed
--&gt; Finished Dependency Resolution

Dependencies Resolved

===============================================================================================================================================
 Package                           Arch                            Version                                 Repository                     Size
===============================================================================================================================================
Installing:
 opennhrp                          x86_64                          0.13.1-1.el6                            pgn                            62 k
Installing for dependencies:
 c-ares                            x86_64                          1.7.0-6.el6                             base                           53 k

Transaction Summary
===============================================================================================================================================
Install       2 Package(s)

Total download size: 115 k
Installed size: 230 k
Is this ok [y/N]: y
Downloading Packages:
(1/2): c-ares-1.7.0-6.el6.x86_64.rpm                                                                                    |  53 kB     00:00     
(2/2): opennhrp-0.13.1-1.el6.x86_64.rpm                                                                                 |  62 kB     00:00     
-----------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                          203 kB/s | 115 kB     00:00     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
  Installing : c-ares-1.7.0-6.el6.x86_64                                                                                                   1/2 
  Installing : opennhrp-0.13.1-1.el6.x86_64                                                                                                2/2 
  Verifying  : opennhrp-0.13.1-1.el6.x86_64                                                                                                1/2 
  Verifying  : c-ares-1.7.0-6.el6.x86_64                                                                                                   2/2 

Installed:
  opennhrp.x86_64 0:0.13.1-1.el6                                                                                                               

Dependency Installed:
  c-ares.x86_64 0:1.7.0-6.el6                                                                                                                  

Complete!

[root@server ~]# curl http://tools.packetgeek.net/pgn.repo -o /etc/yum.repos.d/pgn.repo

[root@server ~]# yum search opennhrp

Loaded plugins: fastestmirror

Loading mirror speeds from cached hostfile

* base: centosmirror.quintex.com

* extras: centosmirror.quintex.com

* updates: centosmirror.quintex.com

============================================================ N/S Matched: opennhrp ============================================================

opennhrp.x86_64 : OpenNHRP implements NBMA Next Hop Resolution Protocol (as defined in RFC 2332). It makes it possible to create dynamic

: multipoint VPN Linux router using NHRP, GRE and IPsec. It aims to be Cisco DMVPN compatible.

Name and summary matches only, use "search all" for everything.

[root@server ~]# yum install opennhrp

Loaded plugins: fastestmirror

Loading mirror speeds from cached hostfile

* base: centosmirror.quintex.com

* extras: centosmirror.quintex.com

* updates: centosmirror.quintex.com

Setting up Install Process

Resolving Dependencies

--> Running transaction check

---> Package opennhrp.x86_64 0:0.13.1-1.el6 will be installed

--> Processing Dependency: libcares.so.2()(64bit) for package: opennhrp-0.13.1-1.el6.x86_64

--> Running transaction check

---> Package c-ares.x86_64 0:1.7.0-6.el6 will be installed

--> Finished Dependency Resolution

Dependencies Resolved

===============================================================================================================================================

Package Arch Version Repository Size

===============================================================================================================================================

Installing:

opennhrp x86_64 0.13.1-1.el6 pgn 62 k

Installing for dependencies:

c-ares x86_64 1.7.0-6.el6 base 53 k

Transaction Summary

===============================================================================================================================================

Install 2 Package(s)

Total download size: 115 k

Installed size: 230 k

Is this ok [y/N]: y

Downloading Packages:

(1/2): c-ares-1.7.0-6.el6.x86_64.rpm | 53 kB 00:00

(2/2): opennhrp-0.13.1-1.el6.x86_64.rpm | 62 kB 00:00

-----------------------------------------------------------------------------------------------------------------------------------------------

Total 203 kB/s | 115 kB 00:00

Running rpm_check_debug

Running Transaction Test

Transaction Test Succeeded

Running Transaction

Warning: RPMDB altered outside of yum.

Installing : c-ares-1.7.0-6.el6.x86_64 1/2

Installing : opennhrp-0.13.1-1.el6.x86_64 2/2

Verifying : opennhrp-0.13.1-1.el6.x86_64 1/2

Verifying : c-ares-1.7.0-6.el6.x86_64 2/2

Installed:

opennhrp.x86_64 0:0.13.1-1.el6

Dependency Installed:

c-ares.x86_64 0:1.7.0-6.el6

Complete!

Have fun! I look forward to getting an open source of a DMVPN implementation up and running soon! Leave a comment if you have any comments or questions.

Facebook

Twitter

jtdub October 2, 2012

Posted In: DMVPN, Linux, Open Source Alternatives, OpenNHRP, RPM, System Administration, VPN

For a few years, Cisco has had a pretty innovative VPN solution called “Dynamic Multipoint VPN”. In essence, it’s a traditional hub and spoke VPN design, except that when two, or more, spokes want to communicate directly with each other, they initiate a dynamic IPSEC tunnel with each other instead of sending the traffic to the hub, where the hub would route the traffic to the destination spoke. If you’re confused, the “hub” would be the main office where all VPN sessions are initiated to and the “spoke” are the branch offices.

Why does this matter? There are two HUGE reasons: bandwidth and ease of operation. If two spokes need to send data back and forth to each other over the VPN, it doesn’t make sense that the data should be sent from spoke 1, to the hub, to spoke 2. Doing this doubles the amount of Internet bandwidth that you need. That’s a lot of wasted money. For the people configuring the VPN devices, it’s an added complexity to add all kinds of VPN tunnels to each branch turning your VPN network into a mesh design. Could you imagine doing that with hundreds or thousands of branch offices? It would be an administration night mare. So essentially, either way you look at it, DMVPN could save your organization a ton of money in total cost of ownership and on bandwidth. Your network admins will love you for it.

How is DMVPN achieved? It uses all the same tricks as traditional hub and spoke VPN; IPSEC, GRE, a dynamic routing protocol, along with a fairly new protocol called Next Hop Resolution Protocol. “NHRP is an Address Resolution Protocol (ARP)-like protocol that dynamically maps nonbroadcast multiaccess (NBMA) network. With NHRP, systems attached to an NBMA network can dynamically learn the NBMA (physical) address of the other systems that are part of that network, allowing these systems to directly communicate.” (Cisco.com) Pretty cool, right?

It now looks like the Open Source community is putting together the last piece of the DMVPN puzzle. For years there have been open source implementations of IPSEC, GRE, and dynamic routing protocols, such as OSPF. (It’s a shame that EIGRP is proprietary to Cisco.) Now there is a NHRP implementation in the works, that looks promising. I’m sure that I’ll be keeping up with the progress.

Maybe Vyatta will implement this? hmmm…

RFC 2332 – NBMA Next Hop Resolution Protocol

Facebook

Twitter

jtdub May 31, 2009

Posted In: Open Source Alternatives, VPN

OpenNHRP is now available via RPM

An Open Source Implementation of Cisco’s Dynamic Multipoint VPN (DMVPN)