Show page

Differences

This shows you the differences between two versions of the page.

--- sred:setup_lab_remote [2021/10/29 20:53]
horia.stoenescu [Host VPN connection]
+++ sred:setup_lab_remote [2023/10/14 13:50] (current)
horia.stoenescu [Virtual machine access]
@@ Line 1: / Line 1: @@
-======== Setup lab remote ========
+======== Eve-ng cloud setup ========
 ==== Host VPN connection ====
@@ Line 5: / Line 5: @@
 A). In case you have on your host Windows/MacOS installed:
-from any browser go to portal address **vpn.upb.exam.live** (!!do not ping it!!, it does not respond to icmp-echo requests), login in the new window with your LDAP credentials (used also for Moodle acount) and download the agent for your OS - Windows or MacOS (win 32b, win 64b or macos 32/64b).
+from any browser go to portal address **vpn.upb.exam.live** (!!do not ping it!!, it does not respond to icmp-echo requests), login in the new window with student credentials and download the agent for your OS - Windows or MacOS (win 32b, win 64b or macos 32/64b).
 <note>
@@ Line 11: / Line 11: @@
 </note>
-B). In case you have on your host Linux: you can download the UI version from [[https://drive.google.com/file/d/1StiKwCWQ0EkkPvfREmABSGY_EwGnYjnS/view?usp=sharing|here]] (v. 5.2.6.0-18 - the latest GP version tested on Linux). There is also a CLI version, but this does not work with this portal. Please note that this version is mostly used by QA automation team and you may encounter different bugs. If you get stuck, please do not hesitate to contact me on chat/email.
+B). In case you have on your host Linux: you can download the UI version from [[https://drive.google.com/file/d/1StiKwCWQ0EkkPvfREmABSGY_EwGnYjnS/view?usp=sharing|here]] (v. 5.2.6.0-18 - the latest GP version tested on Linux). There is also a CLI version, but this does not work with this portal. Please note that this version is mostly used by QA automation team and you may encounter different bugs. If you get stuck, please do not hesitate to contact the assistant on Teams chat.
 <note>
-As seen on some students, there exists an alternative to GP client for Linux, called [[https://github.com/yuezk/GlobalProtect-openconnect|GlobalProtect-openconnect]].
+As seen on some students, there exists an alternative to GP client for Linux, called [[https://github.com/yuezk/GlobalProtect-openconnect|GlobalProtect-openconnect]] (tested on Ubuntu and Arch, should work on other distributions as well).
-The only issue seen was with an Arch host (it fails the connection at pre-login to gateway and the vpn tunnel cannot be established), so it may not be compatible with this gateway.
 </note>
@@ Line 26: / Line 24: @@
 If you have issues accessing the portal, try the following steps:
-- access from browser the portal. If you receive a timeout, then your public ip is blocked. Ask me or Mihai to delete the entry
+- access from browser the portal. If you receive a timeout, then your public ip is blocked. Ask the assistant to delete the entry
 - if you have access from browser and the connection cannot be made from GP UI, then try to disable and then enable, or go to Settings > General > Portals remove it and connect again to it, or reinstall the application
@@ Line 47: / Line 45: @@
 </code>
-. Login again with your LDAP credentials and then go to a terminal and check a ping request to an internal gw:
+. Login again with student credentials and then go to a terminal and check a ping request to an internal gw:
 <code>
 user@hostname:~$ ping -c 2 10.3.255.254
@@ Line 65: / Line 63: @@
 ==== Virtual machine access ====
-The VM is an eve-ng (previously known as unetlab) and each student has one assigned (see [[https://curs.upb.ro/mod/url/view.php?id=84844|here - TO ADD XLS]] mappings: ip VM--student) that can be accessed from:
+The VM is an ''eve-ng'' (previously known as unetlab) and each student has one assigned (see the last column on class register, available on the course [[https://curs.upb.ro/2023/course/view.php?id=4550|website]] mappings: ip VM--student) that can be accessed from:
-- CLI (user: **root** and password: **student**) which is mostly used for debugging and you will rarely use it (for adding new images, freeing space etc.).
+- CLI via ssh (user: **root** and password: **eve**) which is mostly used for debugging and you will rarely use it (for adding new images, freeing space etc.).
-- web (user: **admin** and password: **eve**) which provides an user interface for an emulated virtual environment with endpoints (OS Linux) and network/security equipments. Is quite similar to GNS3 that was used previously on SRED (lab 2019).
+- web (user: **admin** and password: **eve**) which provides an user interface for an emulated virtual environment with endpoints (OS Linux) and network/security equipments
 <note>
@@ Line 81: / Line 79: @@
 . Calculate sha256 hash of the new password:
 <code>
-hash_sha256=$(echo "MySuperUltraSecretPasswod" | sha256sum | cut -d " " -f2)
+hash_sha256=$(echo -n "MySuperUltraSecretPasswod" | sha256sum | cut -d " " -f1)
 </code>
@@ Line 90: / Line 88: @@
 </note>
+For the labs, we are going to use:
-For the first 2 labs, a Cisco router 7200 image is used (as it supports acls, cbac, zbf) in dynamips, 3 Ubuntu 18.04 machines (1 server and 2 clients) and a Kali 2019.3. In order to create the topology, you just need to drag the required node (4 available for now) and add network connections between them.
+- ''Cisco router 7200 image'' (as it supports acls, cbac, zbf) in dynamips - setup steps [[https://www.eve-ng.net/index.php/documentation/howtos/howto-add-cisco-dynamips-images-cisco-ios/|here]]
+- ''Ubuntu 22.04'' and ''Kali 2019.3'' machines - setup steps [[https://www.eve-ng.net/index.php/documentation/howtos/howto-create-own-linux-host-image/|here]]
+- ''pfSense'' open source firewall - image [[https://www.pfsense.org/download/|here]] and setup [[https://www.eve-ng.net/index.php/3380-2/|steps]]
+In order to create the topology, you just need to drag the required node and add network connections between them.
 <note>
-[[http://31.22.89.2/cisco-ios/7200/|This]] is the place where you find different other Cisco 7200 images.
+[[https://drive.google.com/file/d/1PL-SvcwoS1vplIprlSWjdKNUDgW66rFU/view|This]] is the place where you find Cisco 7200 image.
 Dynamips images are stored on the eve-ng machine on path **/opt/unetlab/addons/dynamips** (yes, they kept that legacy name path). The required one is already added there so do not delete anything.
@@ Line 132: / Line 136: @@
 </note>
-==== Eve-ng machine setup ====
+==== Create a new node ====
-If you want to install on your local host/own server/cloud this eve-ng machine, you can look over the next steps to make sure the process is done corectly.
+You will require to create new nodes for topologies on webui in eve-ng. The images for Linux (Ubuntu and Kali), Cisco router 7200, Cisco FTD, and Fortinet are already added on the VM.
-Download [[https://www.eve-ng.net/index.php/download/|here]] the iso file eve-ng free edition, then in vmware workstation/vmware esx create a new VM with the following configuration:
+. Right click on dashboard > Add new object > select Node
-As eve-ng is an ubuntu 16.04 with x86_64 arch, select:
+. Select a template (for example: Linux). These are created based on the uploaded image names in eve-ng machine (dynamips, qemu, or iol) and the format of file (you may be able to select Linux, but if you do not add a proper image in qcow2 format, it won't be read for node deployment).
-{{:sred:gues_os_select.png?600|}}
+. After selecting the template, you are required to complete the following:
-Use 4 vCPUs and do not forget to tick: expose hw assisted virtualization to guest OS (necessary to run other VMs on this VM):
+- number of nodes (most of the times, only 1 as we are using an image per node)
-{{:sred:cpu_config.png?800|}}
+- select image name (based on the folder from dynamips folder)
-At least add 8 GB of RAM and 50 GB for storage. Add the VM in your local management network and choose the installation ISO file downloaded above:
+- add a name for node (this will appear on the topology in dashboard)
-{{:sred:machine_config.png?800|}}
-Finish and boot the machine. Click Install VM > English or any other language you want:
+- select the number of vCPUS, RAM, and number of Ethernet ports
-{{:sred:ubuntu_install_eve_ng.png?800|}}
+- select the console access mode (most of the times we are using telnet for router and vnc for the rest)
-Add the hostname for the machine:
+- keep the rest as they are pre-configured
-{{:sred:hostname_config.png?800|}}
+Example: create a kali node
-Accept the location area for current time, then wait for system installation and keep proxy manager with no config.
+{{:sred:add_new_node.png?500|}}
-Select here no automatic updates (we want to select ourselves the packages to update as it may broke the server):
+To change the node configuration, you need to power it off firstly.
-{{:sred:automatic_updates.png?800}}
+<note>
+If you want to learn more about the deployment of nodes, see this links from eve-ng documentation:
-Finish the installation and boot the eve-ng machine. After booting the device (takes 2-3 mins to install every required package), login with user: **root** and password: **eve** (the default ones).
+[[https://www.eve-ng.net/index.php/documentation/howtos/howto-create-own-linux-host-image/|Linux image]]
-Add a new password for the root account (**student** used for labs):
+[[https://www.eve-ng.net/index.php/documentation/howtos/howto-add-cisco-dynamips-images-cisco-ios/|Cisco IOS (based on dynamips)]]
-{{:sred:eve_ng_install.png?800}}
+[[https://www.eve-ng.net/index.php/documentation/howtos/howto-add-cisco-iol-ios-on-linux/|Cisco IOL (switches, routers)]]
-You can keep the default hostname (eve-ng):
-{{:sred:eve_ng_install2.png?800}}
-DNS domain name leave as blank:
-{{:sred:eve_ng_install3.png?800}}
-For mgmt interface, use dhcp for ip config (more explanation about this interface are given below):
-{{sred:eve_ng_install4.png?800}}
-For ntp server, use time.google.com:
-{{sred:eve_ng_install5.png?800}}
-Keep direct connection with exernal:
-{{sred:eve_ng_install6.png?800}}
-Then, the machine will reboot automatically and login with your newly added credentials (here - user: root and password: student):
-{{sred:eve_ng_install7.png?800}}
-Check firstly if the apache2 service is up and listening to default port 80:
-<code>
-root@eve-ng:~# netstat -atupn | grep apache2
-tcp6       0      0 :::80                   :::*                    LISTEN      2711/apache2
-</code>
-If not, restart the service and make sure is up:
-<code>
-root@eve-ng:~# sudo service apache2 restart
-root@eve-ng:~# sudo service apache2 status
-● apache2.service - LSB: Apache2 web server
-[...]
-Oct 20 15:49:04 eve-ng systemd[1]: Starting LSB: Apache2 web server...
-Oct 20 15:49:04 eve-ng apache2[30867]:  * Starting Apache httpd web server apache2
-Oct 20 15:49:05 eve-ng apache2[30867]:  *
-Oct 20 15:49:05 eve-ng systemd[1]: Started LSB: Apache2 web server.
-</code>
-See the machine responds with 200 OK for GET requests on localhost:
-<code>
-root@eve-ng:~# curl -I localhost:80
-HTTP/1.1 200 OK
-Date: Tue, 20 Oct 2020 12:58:06 GMT
-Server: Apache/2.4.18 (Ubuntu)
-[...]
-</code>
-Then, verify if the pnet0 interface has an ip address assigned:
-<code>
-root@eve-ng:~# ip a s dev pnet0
-: pnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
-    link/ether 00:50:56:b8:ab:0b brd ff:ff:ff:ff:ff:ff
-    inet 10.3.0.2/16 brd 10.3.255.255 scope global pnet0
-       valid_lft forever preferred_lft forever
-    inet6 fe80::250:56ff:feb8:ab0b/64 scope link
-       valid_lft forever preferred_lft forever
-</code>
-<note>
-What is pnet0?
-Is a bridge that has attached the management interface to it (in this case eth0):
-<code>
-root@eve-ng:~# brctl show pnet0
-bridge name	bridge id		STP enabled	interfaces
-pnet0		8000.005056b8ab0b	no		eth0
-</code>
-For more information about this pnet interfaces, see [[https://blog.dical.org/?p=258|here]].
 </note>
-In the VM, check that the Internet is reachable and a nameserver is added in /etc/resolv.conf (use 8.8.8.8 or 8.8.4.4).
+==== FAQ ====
+For other FAQ, please check this [[https://www.eve-ng.net/index.php/faq/|page]].
-For adding VM images and binaries for Cisco devices, 2 paths are important here:
-- **/opt/unetlab/addons/dynamips** - used for cisco images. See [[https://www.eve-ng.net/index.php/documentation/howtos/howto-add-cisco-dynamips-images-cisco-ios/|here]] a tutorial for Cisco Dynamips.
-- **/opt/unetlab/addons/qemu** - used for ISOs (Linux, firewalls: fortigate, firepower, palo alto etc.). See [[https://www.eve-ng.net/index.php/documentation/howtos/howto-create-own-linux-host-image/|here]] tutorial for Linux.
-Check also if the private ip address is reachable from the host machine and if so, try to access with ssh (which is enabled by default):
-<code>
-user@local_host:~$ ping -c 3 10.3.0.2
-PING 10.3.0.2 (10.3.0.2) 56(84) bytes of data.
-bytes from 10.3.0.2: icmp_seq=1 ttl=63 time=6.46 ms
-bytes from 10.3.0.2: icmp_seq=2 ttl=63 time=6.18 ms
-[...]
-</code>
-<code>
-user@local_host:~$ ssh -l root 10.3.0.2 # here use your mgmt ip
-root@10.3.0.2's password:
-Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.20.17-eve-ng-ukms+ x86_64)
- * Documentation:  https://help.ubuntu.com
- * Management:     https://landscape.canonical.com
- * Support:        https://ubuntu.com/advantage
-Last login: Tue Oct 20 02:33:24 2020 from 10.128.0.6
-root@eve-ng:~#
-</code>
-The last thing to do here is access the webui application of eve-ng (the main thing). Go to the browser and type exactly the interface pnet0 ip address. You must get this:
-{{:sred:eve_ng_webui.png?500|}}
-Type user: **admin** and password: **eve** and from file manager, create a new folder:
-{{:sred:file_manager_eve_ng.png?800|}}
-Add a new lab (we will use different file for each one):
-{{:sred:lab_config.png?900|}}
-In the end, you should see this interface:
-{{:sred:eve_ng_webui_2.png?800|}}