Update the project... #35
Comments
Hi Aaron, I just found this project, searching for an open/free/more manageable Hamachi alternative. This seems a relatively obvious solution to creating a mesh network, but it feels hack-ish and I can't help but wonder how manageable/reliable it is on a big meshed network (for example: 1000 nodes). It seems that there are quite a few projects around nowadays, I am wondering if you looked at those? Sorry for going off topic, I applaud your work. It's an interesting solution to the problem :)
Thanks for the comments @TerrorFactor. I wrote OpenMesher for a very specific use case. A client of ours was expanding rapidly and had ~30 offices. They were running Ubuntu Linux on their routers using Shorewall as their firewall. Their network was in a 'hub and spoke' configuration and the 'hub' site was starting to run into bandwidth problems. (They had a Windows DFSR share, and every time someone dropped a 1 MB file in, 30 offices would max out the connection downloading that one file across a 5 mbit connection.)
I wrote OpenMesher to handle automatically generating the OpenVPN configs and keys to create a mesh. Eventually I expanded it to handle generating the Shorewall config for the OpenVPN ports as well as the Quagga RIP configurations for routing between the sites. Finally I added an SSH 'plugin' that would automatically upload the Debian package files directly to the routers using SCP.
My deployment process was to run OpenMesher to re-generate the mesh and upload the Debian package files, then I would use ClusterSSH to connect in to all the machines simultaneously and run I wanted this done without any daemon running or any sort of dynamic config where new nodes could automatically join the network. (Adding a new office for the client was a very well-defined process and it didn't happen more than once a month.) I'll admit, it's a bit hacky.
When word came down from on high that we had to switch to something with a point-and-click interface because the rest of the technicians were confused by the command-line, we switched to pfSense. Unfortunately creating an OpenVPN mesh in pfSense required lots of point-and-clicking, and manually generating hundreds or thousands of config files and keys was out of the question--there is no automation in pfSense. They went back to hub-and-spoke and have had bandwidth and performance issues ever since. And after 4 years of running pfSense, not a single tech has ever made a change to their firewalls. They still ask me to make the change because pfSense is 'too confusing'. ;)
Anyways, I did look at TINC a few years ago, but it didn't meet my specific needs at that client. I don't recall what the problem was exactly. I have never looked at IPOP. The idea on their page looks great, but I don't know how well it works in practice. A few thoughts on managing 1,000 nodes:
If you have any additional questions or comments, feel free to open a new issue.
It's probably time I dust this project off. I haven't had a need for it since a company decided to switch to pfSense because point-and-click is 'easier' than command line. Unfortunately, despite my argument that I would have to spend 5 minutes setting up each of n x (n-1)/2 connections, they still switched to pfSense. So the network became hub-and-spoke. Now the 100 down 25 up 'hub' office is completely overloaded and they are thinking of switching back.
But I wanted to put a few things to a vote.
Is anyone still using the project?
Should I keep it in Python, or re-write it in Node?
Any preferences?