Table of Contents

Eve-ng cloud setup

Host VPN connection

For remote connection to lab machines, we are going to use GlobalProtect or GP (the vpn client developed by Palo Alto Networks).

1 A). In case you have on your host Windows/MacOS installed: from any browser go to portal address vpn.upb.exam.live (!!do not ping it!!, it does not respond to icmp-echo requests), login in the new window with student credentials and download the agent for your OS - Windows or MacOS (win 32b, win 64b or macos 32/64b).

Starting from GlobalProtect version 5.2 (the one from portal is 5.2.*), the Windows 7 and 8 versions are no longer supported for client installation. You can download here the latest release for version 5.0 that is compatible with Windows 7+.

1 B). In case you have on your host Linux: you can download the UI version from here (v. 5.2.6.0-18 - the latest GP version tested on Linux). There is also a CLI version, but this does not work with this portal. Please note that this version is mostly used by QA automation team and you may encounter different bugs. If you get stuck, please do not hesitate to contact the assistant on Teams chat.

As seen on some students, there exists an alternative to GP client for Linux, called GlobalProtect-openconnect (tested on Ubuntu and Arch, should work on other distributions as well).

Please check the compatibility matrix of GP with OS versions here.

If you have issues accessing the portal, try the following steps:

- access from browser the portal. If you receive a timeout, then your public ip is blocked. Ask the assistant to delete the entry

- if you have access from browser and the connection cannot be made from GP UI, then try to disable and then enable, or go to Settings > General > Portals remove it and connect again to it, or reinstall the application

- you can also take a look on logs: PanGPS.log file (basically here you can find each generated from connecting to portal, to receiving, and bringing up the tunnel with gateways) - the path for Windows C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.log or for Linux /opt/paloaltonetworks/globalprotect/PanGPS.log

Note: On Linux you can clear the cache (PanPortalCfg, PanPCD, PanPUAC): 

user@host:$ rm -rf ~/.GlobalProtect/PanP*

2. Install the agent to your host. For Windows/MacOS it should appear a pop-up window where you need to add the portal address vpn.upb.exam.live.

For Linux, you can open the pop-up window using the command from below and then enter the portal address vpn.upb.exam.live: 

user@hostname:~$ globalprotect launch-ui
# this needs to be executed each time the window is closed

3. Login again with student credentials and then go to a terminal and check a ping request to an internal gw: 

user@hostname:~$ ping -c 2 10.3.255.254
PING 10.3.255.254 (10.3.255.254) 56(84) bytes of data.
64 bytes from 10.3.255.254: icmp_seq=1 ttl=64 time=5.87 ms
64 bytes from 10.3.255.254: icmp_seq=2 ttl=64 time=5.79 ms
[...]

Below you can find the topology on which the lab is based:

After you finish with your work, just click disable the connection and add a whitespace to reason (if requested). Next time, you just reconnect using the client from host.

Virtual machine access

The VM is an eve-ng (previously known as unetlab) and each student has one assigned (see the last column on class register, available on the course website mappings: ip VM–student) that can be accessed from:

- CLI via ssh (user: root and password: eve) which is mostly used for debugging and you will rarely use it (for adding new images, freeing space etc.).

- web (user: admin and password: eve) which provides an user interface for an emulated virtual environment with endpoints (OS Linux) and network/security equipments

If you want to change the password admin user:

1. Delete the current entry from DB: 

echo "DELETE from users where username = 'admin';" | mysql --host=localhost --user=root --password=eve-ng eve_ng_db

2. Calculate sha256 hash of the new password: 

hash_sha256=$(echo -n "MySuperUltraSecretPasswod" | sha256sum | cut -d " " -f1)

3. Insert a new entry in DB for this password hash: 

echo "INSERT INTO users VALUES ('admin',NULL,'root@localhost',-1,'Eve-NGAdministrator','$hash_sha256',NULL,'','admin','',1);"| mysql --host=localhost --user=root --password=eve-ng eve_ng_db

For the labs, we are going to use:

- Cisco router 7200 image (as it supports acls, cbac, zbf) in dynamips - setup steps here

- Ubuntu 22.04 and Kali 2019.3 machines - setup steps here

- pfSense open source firewall - image here and setup steps

In order to create the topology, you just need to drag the required node and add network connections between them.

This is the place where you find Cisco 7200 image.

Dynamips images are stored on the eve-ng machine on path /opt/unetlab/addons/dynamips (yes, they kept that legacy name path). The required one is already added there so do not delete anything.

Also, the node in web app is already configured, but if the dynamips process still takes too much of your cpu, you need to recalculate the IDLE-PC usage. 

# go to /opt/unetlab/addons/dynamips and run the emulated device
root@eve-ng:/opt/unetlab/addons/dynamips# dynamips -P 7200 c7200-adventerprisek9-mz.151-4.M.image 
cisco>en
# press ctrl + ] at the same time, then i -> this will gather the statistics and calculate the idle-pc times
Please wait while gathering statistics...
Done. Suggested idling PC:
   0x60608bc4 (count=73)
   0x60171348 (count=32)
   0x606097a4 (count=44)
   0x606097cc (count=39)
   0x60609800 (count=58)
   0x6180ad48 (count=40)
   0x6180ada8 (count=52)
   0x6180adec (count=34)
   0x6180ae00 (count=25)
   0x6060affc (count=49)
Restart the emulator with "--idle-pc=0x60608bc4" (for example)
# on the node configuration, use the hex value with the highest count - here is 0x60608bc4 
# then, exit the ios cli mode using ctrl + ], then q
Shutdown in progress...
Shutdown completed.

For more information about this IDLE-PC value, check this link.

For more information, see this FAQ from eve-ng.

Create a new node

You will require to create new nodes for topologies on webui in eve-ng. The images for Linux (Ubuntu and Kali), Cisco router 7200, Cisco FTD, and Fortinet are already added on the VM.

1. Right click on dashboard > Add new object > select Node

2. Select a template (for example: Linux). These are created based on the uploaded image names in eve-ng machine (dynamips, qemu, or iol) and the format of file (you may be able to select Linux, but if you do not add a proper image in qcow2 format, it won't be read for node deployment).

3. After selecting the template, you are required to complete the following:

- number of nodes (most of the times, only 1 as we are using an image per node)

- select image name (based on the folder from dynamips folder)

- add a name for node (this will appear on the topology in dashboard)

- select the number of vCPUS, RAM, and number of Ethernet ports

- select the console access mode (most of the times we are using telnet for router and vnc for the rest)

- keep the rest as they are pre-configured

Example: create a kali node

To change the node configuration, you need to power it off firstly.

If you want to learn more about the deployment of nodes, see this links from eve-ng documentation:

Linux image

Cisco IOS (based on dynamips)

Cisco IOL (switches, routers)

FAQ

For other FAQ, please check this page.