Sown-auth2 Server Replacement

From SOWNWiki
Jump to: navigation, search

Sown-auth2 is no longer running an old operating system and has been upgraded to Ubuntu 14.04 LTS. However, there are a lot of services running on Sown-auth2, ideally we should try to migrate these to two different servers to spread the load a bit. Sown-radius2 and Sown-vpn2 are currently unused and could be used for this purpose.

There are quite a lot of tasks required to realise this project:

  1. Reinstall Sown-vpn2 with Ubuntu 16.04. (Done)
  2. Reinstall Sown-radius2 with Ubuntu 16.04. (Done)
  3. Install and configure FreeRadius version 3 on Sown-radius2. (Done)
  4. Test Radius authentication using Sown-radius2. (Done)
  5. Allow admin site to specify the Radius server a node should used for authentication and accounting. (Done)
  6. Test Radius accounting using Sown-radius2. (Done)
  7. Peer Sown-Radius2 with Janet Roaming Service as a test server. (Done)
  8. Get an ECS DMZ IPv4 address setup for Sown-vpn2. (Done, using sown-auth's old IP)
  9. Install and configure OpenVPN on Sown-vpn2. (Done, may need some changes since we added IPv6 to OpenVPN on sown-auth2)
  10. Add Sown-vpn2 to the list of VPN servers on admin site. (Done)
  11. Setup and test a VPN connection between Sown-vpn2 an a test SOWN node. (Done but we had to proxy via sown-auth2, we need to get firewall holes setup with iSolutions at some point. For now it may be worth just using this OpenVPN server for development nodes).
  12. ...