Eve-ng setup lab remote

Host VPN connection

For remote connection to the lab machines, we are going to use GlobalProtect or GP (the VPN client developed by Palo Alto Networks).

1 A). If your host runs Windows/MacOS: from any browser go to the portal address vpn.upb.exam.live (!!do not ping it!!, it does not respond to ICMP echo requests), log in in the new window with your LDAP credentials (also used for your Moodle account) and download the agent for your OS - Windows or MacOS (win 32b, win 64b or macos 32/64b).

Starting from GlobalProtect version 5.2 (the one from portal is 5.2.*), the Windows 7 and 8 versions are no longer supported for client installation. You can download here the latest release for version 5.0 that is compatible with Windows 7+.

1 B). If your host runs Linux: you can download the UI version from here (v. - the latest GP version tested on Linux). There is also a CLI version, but it does not work with this portal. Please note that this version is mostly used by the QA automation team and you may encounter various bugs. If you get stuck, please do not hesitate to contact me on chat/email.

As some students have found, there is an alternative to the GP client for Linux, called GlobalProtect-openconnect (tested on Ubuntu and Arch, should work on other distributions as well).

Please check the compatibility matrix of GP with OS versions here.

If you have issues accessing the portal, try the following steps:

- access the portal from a browser. If you receive a timeout, then your public IP is blocked. Ask me or Mihai to delete the entry

- if the portal works from the browser but the connection cannot be made from the GP UI, try to disable and then enable it, or go to Settings > General > Portals, remove the portal and connect to it again, or reinstall the application

- you can also take a look at the logs: the PanGPS.log file (basically here you can find each generated from connecting to portal, to receiving, and bringing up the tunnel with gateways) - the path on Windows is C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.log and on Linux /opt/paloaltonetworks/globalprotect/PanGPS.log

Note: On Linux you can clear the cache (PanPortalCfg, PanPCD, PanPUAC):

user@host:$ rm -rf ~/.GlobalProtect/PanP*

2. Install the agent on your host. On Windows/MacOS a pop-up window should appear where you need to add the portal address vpn.upb.exam.live.

For Linux, you can open the pop-up window using the command from below and then enter the portal address vpn.upb.exam.live:

user@hostname:~$ globalprotect launch-ui
# this needs to be executed each time the window is closed

3. Log in again with your LDAP credentials, then open a terminal and ping an internal gateway:

user@hostname:~$ ping -c 2
PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=64 time=5.87 ms
64 bytes from icmp_seq=2 ttl=64 time=5.79 ms

Below you can find the topology on which the lab is based:

After you finish your work, just click Disable to close the connection and enter a whitespace as the reason (if requested). Next time, you just reconnect using the client on your host.

Virtual machine access

The VM runs eve-ng (previously known as unetlab) and each student has one assigned (see the last column of the class register, available on the course website mappings: ip VM–student). It can be accessed via:

- CLI via ssh (user: root and password: student) which is mostly used for debugging and you will rarely use it (for adding new images, freeing space etc.).

- web (user: admin and password: eve) which provides a user interface for an emulated virtual environment with endpoints (OS Linux) and network/security equipment. It is quite similar to GNS3, which was used previously on SRED (lab 2019).

If you want to change the password of the admin user:

1. Delete the current entry from DB:

echo "DELETE from users where username = 'admin';" | mysql --host=localhost --user=root --password=eve-ng eve_ng_db

2. Calculate sha256 hash of the new password:

hash_sha256=$(echo -n "MySuperUltraSecretPasswod" | sha256sum | cut -d " " -f1)

3. Insert a new entry in DB for this password hash:

echo "INSERT INTO users VALUES ('admin',NULL,'root@localhost',-1,'Eve-NGAdministrator','$hash_sha256',NULL,'','admin','',1);"| mysql --host=localhost --user=root --password=eve-ng eve_ng_db
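
The three steps above combined into one script, as an added example that is not part of the original lab page: it reads the new password without echoing it (so the plaintext stays out of shell history), validates the digest before it is placed into the SQL text, and sends the page's DELETE and INSERT as one transaction. The function names and the `--apply` switch are hypothetical; the database name, credentials and column order are those of the commands above, and the transaction only protects against a half-applied change if the users table uses a transactional engine such as InnoDB.

```sh
#!/bin/sh
# Added example (not from the lab page): reset the eve-ng web UI admin password
# without putting the plaintext on a command line. DB name, DB credentials and
# column order come from the commands above; function names are hypothetical.

# Read the password from stdin and print its SHA-256 digest (64 hex chars).
hash_password() {
    sha256sum | cut -d ' ' -f1
}

# Print the page's DELETE + INSERT wrapped in one transaction.
# $1 must be a lowercase SHA-256 hex digest; anything else is rejected so
# that no unexpected characters are ever spliced into the SQL text.
build_sql() {
    hash=$1
    case $hash in
        ''|*[!0-9a-f]*) echo "not a hex digest" >&2; return 1 ;;
    esac
    [ "${#hash}" -eq 64 ] || { echo "wrong digest length" >&2; return 1; }
    cat <<SQL
START TRANSACTION;
DELETE FROM users WHERE username = 'admin';
INSERT INTO users VALUES ('admin',NULL,'root@localhost',-1,'Eve-NGAdministrator','$hash',NULL,'','admin','',1);
COMMIT;
SQL
}

# Prompt for the password with terminal echo off, then apply the change.
main() {
    trap 'stty echo' EXIT INT
    printf 'New admin password: ' >&2
    stty -echo; IFS= read -r pw; stty echo; echo >&2
    [ -n "$pw" ] || { echo "empty password" >&2; return 1; }
    # printf is a shell builtin, so the plaintext never shows up in `ps`.
    build_sql "$(printf '%s' "$pw" | hash_password)" |
        mysql --host=localhost --user=root --password=eve-ng eve_ng_db
}

# Only touch the database when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then main; fi
```

Without the `--apply` argument the script only defines the functions and does not contact the database.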

For the first 2 labs, the topology uses a Cisco 7200 router image in dynamips (as it supports ACLs, CBAC and ZBF), 3 Ubuntu 18.04 machines (1 server and 2 clients) and a Kali 2019.3 machine. To create the topology, you just need to drag the required nodes (4 available for now) and add network connections between them.

This is the place where you can find other Cisco 7200 images.

Dynamips images are stored on the eve-ng machine under the path /opt/unetlab/addons/dynamips (yes, they kept that legacy path name). The required one is already added there, so do not delete anything.

Also, the node in web app is already configured, but if the dynamips process still takes too much of your cpu, you need to recalculate the IDLE-PC usage.

# go to /opt/unetlab/addons/dynamips and run the emulated device
root@eve-ng:/opt/unetlab/addons/dynamips# dynamips -P 7200 c7200-adventerprisek9-mz.151-4.M.image 
# press ctrl + ] at the same time, then i -> this will gather the statistics and calculate the idle-pc times
Please wait while gathering statistics...
Done. Suggested idling PC:
   0x60608bc4 (count=73)
   0x60171348 (count=32)
   0x606097a4 (count=44)
   0x606097cc (count=39)
   0x60609800 (count=58)
   0x6180ad48 (count=40)
   0x6180ada8 (count=52)
   0x6180adec (count=34)
   0x6180ae00 (count=25)
   0x6060affc (count=49)
Restart the emulator with "--idle-pc=0x60608bc4" (for example)
# on the node configuration, use the hex value with the highest count - here is 0x60608bc4 
# then, exit the ios cli mode using ctrl + ], then q
Shutdown in progress...
Shutdown completed.

For more information about this IDLE-PC value, check this link.

For more information, see this FAQ from eve-ng.

Create a new node

You will need to create new nodes for topologies in the eve-ng web UI. The images for Linux (Ubuntu and Kali), Cisco router 7200, Cisco FTD, and Fortinet are already added on the VM.

1. Right click on dashboard > Add new object > select Node

2. Select a template (for example: Linux). These are created based on the uploaded image names in eve-ng machine (dynamips, qemu, or iol) and the format of file (you may be able to select Linux, but if you do not add a proper image in qcow2 format, it won't be read for node deployment).

3. After selecting the template, you are required to complete the following:

- number of nodes (most of the time only 1, as we are using one image per node)

- select image name (based on the folder from dynamips folder)

- add a name for node (this will appear on the topology in dashboard)

- select the number of vCPUs, RAM, and number of Ethernet ports

- select the console access mode (most of the time we are using telnet for the router and vnc for the rest)

- keep the rest as they are pre-configured

Example: create a kali node

To change the node configuration, you first need to power it off.

If you want to learn more about the deployment of nodes, see these links from the eve-ng documentation:

Linux image

Cisco IOS (based on dynamips)

Cisco IOL (switches, routers)


For other FAQ, please check this page.

Eve-ng local machine setup

If you want to install this eve-ng machine on your local host/own server/cloud, you can follow the next steps to make sure the process is done correctly.

Download here the iso file eve-ng free edition, then in vmware workstation/vmware esx create a new VM with the following configuration:

As eve-ng is an ubuntu 16.04 with x86_64 arch, select:

Use 4 vCPUs and do not forget to tick: expose hw assisted virtualization to guest OS (necessary to run other VMs on this VM):

Add at least 8 GB of RAM and 50 GB for storage. Add the VM in your local management network and choose the installation ISO file downloaded above:

Finish and boot the machine. Click Install VM > English or any other language you want:

Add the hostname for the machine:

Accept the location area for current time, then wait for system installation and keep proxy manager with no config.

Select no automatic updates here (we want to choose ourselves which packages to update, as updates may break the server):

Finish the installation and boot the eve-ng machine. After booting the device (takes 2-3 mins to install every required package), login with user: root and password: eve (the default ones).

Add a new password for the root account (student used for labs):

You can keep the default hostname (eve-ng):

Leave the DNS domain name blank:

For the mgmt interface, use dhcp for the ip config (more explanation about this interface is given below):

For ntp server, use time.google.com:

Keep direct connection with external:

Then the machine will reboot automatically; log in with your newly added credentials (here - user: root and password: student):

First check that the apache2 service is up and listening on the default port 80:

root@eve-ng:~# netstat -atupn | grep apache2
tcp6       0      0 :::80                   :::*                    LISTEN      2711/apache2    

If not, restart the service and make sure it is up:

root@eve-ng:~# sudo service apache2 restart
root@eve-ng:~# sudo service apache2 status 
● apache2.service - LSB: Apache2 web server
Oct 20 15:49:04 eve-ng systemd[1]: Starting LSB: Apache2 web server...
Oct 20 15:49:04 eve-ng apache2[30867]:  * Starting Apache httpd web server apache2
Oct 20 15:49:05 eve-ng apache2[30867]:  *
Oct 20 15:49:05 eve-ng systemd[1]: Started LSB: Apache2 web server.

Check that the machine responds with 200 OK to requests on localhost (curl -I sends a HEAD request):

root@eve-ng:~# curl -I localhost:80
HTTP/1.1 200 OK
Date: Tue, 20 Oct 2020 12:58:06 GMT
Server: Apache/2.4.18 (Ubuntu)

Then, verify if the pnet0 interface has an ip address assigned:

root@eve-ng:~# ip a s dev pnet0
3: pnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:50:56:b8:ab:0b brd ff:ff:ff:ff:ff:ff
    inet brd scope global pnet0
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:feb8:ab0b/64 scope link 
       valid_lft forever preferred_lft forever

What is pnet0? It is a bridge to which the management interface (in this case eth0) is attached:

root@eve-ng:~# brctl show pnet0
bridge name	bridge id		STP enabled	interfaces
pnet0		8000.005056b8ab0b	no		eth0

For more information about these pnet interfaces, see here.

In the VM, check that the Internet is reachable and a nameserver is added in /etc/resolv.conf (use or

For adding VM images and binaries for Cisco devices, 2 paths are important here:

- /opt/unetlab/addons/dynamips - used for cisco images. See here a tutorial for Cisco Dynamips.

- /opt/unetlab/addons/qemu - used for ISOs (Linux, firewalls: fortigate, firepower, palo alto etc.). See here tutorial for Linux.

Check also if the private ip address is reachable from the host machine and if so, try to access with ssh (which is enabled by default):

user@local_host:~$ ping -c 3
PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=63 time=6.46 ms
64 bytes from icmp_seq=2 ttl=63 time=6.18 ms
user@local_host:~$ ssh -l root # here use your mgmt ip
root@'s password: 
Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.20.17-eve-ng-ukms+ x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage
Last login: Tue Oct 20 02:33:24 2020 from

The last thing to do here is to access the web UI of eve-ng (the main thing). Open a browser and type the exact IP address of the pnet0 interface. You must get this:

Type user: admin and password: eve and from file manager, create a new folder:

Add a new lab (we will use different file for each one):

In the end, you should see this interface:

