Install Unix packages

How to install Unix packages

  • Using jail ?

    Votes: 0 0.0%
  • ??

    Votes: 0 0.0%

  • Total voters
    0
Status
Not open for further replies.

pierreda

Cadet
Joined
Nov 8, 2018
Messages
5
Hi all,

I would like to use FreeNAS to mount a storage with iSCSI with a server. The problem is that theses servers was not in the same LAN.

By consequent, i want to secure this traffic with an VPN IPsec. This settings recquire a new Linux package (Strongswan).

I tried to install it from the shell of the FreeNAS server but i receive this message below :

Updating local repository catalogue...
pkg: file:///usr/ports/packages/meta.txz: No such file or directory
repository local has no meta file, using default settings
pkg: file:///usr/ports/packages/packagesite.txz: No such file or directory
Unable to update repository local
Error updating repositories!


I think this is blocked by FreeNAS software to protect the system. Does people tried to do that ??
I saw the "jails" could permit to install Unix packages but i believe that work just in "container" no ?
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,681
It can't really do that. While the underlying UNIX might be able to be teased into doing it, FreeNAS is an appliance, and the appliance won't be expecting this kind of complexity, so you can run into really strange issues.

You can, however, go and get yourself something like a Ubiquiti EdgeRouter Lite on each end and create a WAN link that way.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,466
You can, however, go and get yourself something like a Ubiquiti EdgeRouter Lite on each end and create a WAN link that way.
...or use ZeroTier...
 

Chris Moore

Hall of Famer
Joined
May 2, 2015
Messages
10,080
I second the suggestion to use a hardware appliance to create the VPN connection between the two sites instead of trying to hack the FreeNAS.
If you really must use that software, you will need to go with a different operating system instead of FreeNAS or you could try to do the VPN through a Jail, but I don't think that is a good way to handle it.
 

pierreda

Cadet
Joined
Nov 8, 2018
Messages
5
Hi All,

Thank's for your response! I can't use a hardware tool to mount the tunnel IPsec (it's a server in cloud) ... I do not try to "Hack" the FreeNAS system but just to exploit it to do my VPN.
Anyone has tried to use the "jails" for doing a similar project ?

Thank's
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,681
So start a second VM and create an IPsec appliance in it.
 

pierreda

Cadet
Joined
Nov 8, 2018
Messages
5
When i said "cloud server", it's just an dedicated server with an public IP address. So, i can't install a second virtual machine ...

@danb35 Really ? What's exactly ? An IPsec server ?
 

HoneyBadger

actually does care
Administrator
Moderator
iXsystems
Joined
Feb 6, 2014
Messages
5,110
I'm more concerned that trying to route iSCSI traffic over a WAN will not be a successful endeavor unless that WAN link is at least able to approximate the same kind of low latency and resilience to loss/jitter that you would see on a decent LAN.

Reduced bandwidth you can work around, but high latency, loss, or jitter will likely cause command timeouts.
 

pierreda

Cadet
Joined
Nov 8, 2018
Messages
5
I know and it's the first time for me to mount an iSCSI disk over the WAN. In theory, i will have approximatively the "same" conditions.
The servers are hosted in the same heberger (OVH), so i think the "internet" network between the servers should be fast.

I will transfert my experience when the configuration will be done!
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,681
When i said "cloud server", it's just an dedicated server with an public IP address. So, i can't install a second virtual machine ...

@danb35 Really ? What's exactly ? An IPsec server ?

Is it a "cloud" server? Or a dedicated server?

A "cloud" server is a shared system running on some hosting company's virtualization service.

I'm more concerned that trying to route iSCSI traffic over a WAN will not be a successful endeavor unless that WAN link is at least able to approximate the same kind of low latency and resilience to loss/jitter that you would see on a decent LAN.

Reduced bandwidth you can work around, but high latency, loss, or jitter will likely cause command timeouts.

Yeah, that, too. But some of us run NFS that way. :smile:
 

pierreda

Cadet
Joined
Nov 8, 2018
Messages
5
Yes it's a dedicated server, i've telling "cloud" because it's hosted and accessible from the internet.
I know, but it's necessary to transfert the data in a VPN tunnel ...
 

HoneyBadger

actually does care
Administrator
Moderator
iXsystems
Joined
Feb 6, 2014
Messages
5,110
Yeah, that, too. But some of us run NFS that way. :)

NFS will be more tolerant of that; iSCSI I would fully expect to fail.

But based on the newer posts from the OP, this machine seems more like it's physically local, just "remote" from the data perspective - perhaps it's in a DMZ of some manner. In that case, the underlying network should be sufficient.
 
Status
Not open for further replies.
Top