Show page

Differences

This shows you the differences between two versions of the page.

--- sred:setup_lab_remote [2022/10/14 18:32]
horia.stoenescu
+++ sred:setup_lab_remote [2023/10/14 13:50] (current)
horia.stoenescu [Virtual machine access]
@@ Line 1: / Line 1: @@
-======== Eve-ng setup lab remote ========
+======== Eve-ng cloud setup ========
 ==== Host VPN connection ====
@@ Line 5: / Line 5: @@
 A). In case you have on your host Windows/MacOS installed:
-from any browser go to portal address **vpn.upb.exam.live** (!!do not ping it!!, it does not respond to icmp-echo requests), login in the new window with your LDAP credentials (used also for Moodle acount) and download the agent for your OS - Windows or MacOS (win 32b, win 64b or macos 32/64b).
+from any browser go to portal address **vpn.upb.exam.live** (!!do not ping it!!, it does not respond to icmp-echo requests), login in the new window with student credentials and download the agent for your OS - Windows or MacOS (win 32b, win 64b or macos 32/64b).
 <note>
@@ Line 11: / Line 11: @@
 </note>
-B). In case you have on your host Linux: you can download the UI version from [[https://drive.google.com/file/d/1StiKwCWQ0EkkPvfREmABSGY_EwGnYjnS/view?usp=sharing|here]] (v. 5.2.6.0-18 - the latest GP version tested on Linux). There is also a CLI version, but this does not work with this portal. Please note that this version is mostly used by QA automation team and you may encounter different bugs. If you get stuck, please do not hesitate to contact me on chat/email.
+B). In case you have on your host Linux: you can download the UI version from [[https://drive.google.com/file/d/1StiKwCWQ0EkkPvfREmABSGY_EwGnYjnS/view?usp=sharing|here]] (v. 5.2.6.0-18 - the latest GP version tested on Linux). There is also a CLI version, but this does not work with this portal. Please note that this version is mostly used by QA automation team and you may encounter different bugs. If you get stuck, please do not hesitate to contact the assistant on Teams chat.
 <note>
@@ Line 24: / Line 24: @@
 If you have issues accessing the portal, try the following steps:
-- access from browser the portal. If you receive a timeout, then your public ip is blocked. Ask me or Mihai to delete the entry
+- access from browser the portal. If you receive a timeout, then your public ip is blocked. Ask the assistant to delete the entry
 - if you have access from browser and the connection cannot be made from GP UI, then try to disable and then enable, or go to Settings > General > Portals remove it and connect again to it, or reinstall the application
@@ Line 45: / Line 45: @@
 </code>
-. Login again with your LDAP credentials and then go to a terminal and check a ping request to an internal gw:
+. Login again with student credentials and then go to a terminal and check a ping request to an internal gw:
 <code>
 user@hostname:~$ ping -c 2 10.3.255.254
@@ Line 63: / Line 63: @@
 ==== Virtual machine access ====
-The VM is an eve-ng (previously known as unetlab) and each student has one assigned (see [[https://docs.google.com/spreadsheets/d/17MT1QpG6bhJ8ftYNOGFywpuVoBuSwhlO-o0EkY-WGyc/edit#gid=0|here]] mappings: ip VM--student) that can be accessed from:
+The VM is an ''eve-ng'' (previously known as unetlab) and each student has one assigned (see the last column on class register, available on the course [[https://curs.upb.ro/2023/course/view.php?id=4550|website]] mappings: ip VM--student) that can be accessed from:
-- CLI (user: **root** and password: **student**) which is mostly used for debugging and you will rarely use it (for adding new images, freeing space etc.).
+- CLI via ssh (user: **root** and password: **eve**) which is mostly used for debugging and you will rarely use it (for adding new images, freeing space etc.).
-- web (user: **admin** and password: **eve**) which provides an user interface for an emulated virtual environment with endpoints (OS Linux) and network/security equipments. Is quite similar to GNS3 that was used previously on SRED (lab 2019).
+- web (user: **admin** and password: **eve**) which provides an user interface for an emulated virtual environment with endpoints (OS Linux) and network/security equipments
 <note>
@@ Line 88: / Line 88: @@
 </note>
+For the labs, we are going to use:
-For the first 2 labs, a Cisco router 7200 image is used (as it supports acls, cbac, zbf) in dynamips, 3 Ubuntu 18.04 machines (1 server and 2 clients) and a Kali 2019.3. In order to create the topology, you just need to drag the required node (4 available for now) and add network connections between them.
+- ''Cisco router 7200 image'' (as it supports acls, cbac, zbf) in dynamips - setup steps [[https://www.eve-ng.net/index.php/documentation/howtos/howto-add-cisco-dynamips-images-cisco-ios/|here]]
+- ''Ubuntu 22.04'' and ''Kali 2019.3'' machines - setup steps [[https://www.eve-ng.net/index.php/documentation/howtos/howto-create-own-linux-host-image/|here]]
+- ''pfSense'' open source firewall - image [[https://www.pfsense.org/download/|here]] and setup [[https://www.eve-ng.net/index.php/3380-2/|steps]]
+In order to create the topology, you just need to drag the required node and add network connections between them.
 <note>
-[[http://31.22.89.2/cisco-ios/7200/|This]] is the place where you find different other Cisco 7200 images.
+[[https://drive.google.com/file/d/1PL-SvcwoS1vplIprlSWjdKNUDgW66rFU/view|This]] is the place where you find Cisco 7200 image.
 Dynamips images are stored on the eve-ng machine on path **/opt/unetlab/addons/dynamips** (yes, they kept that legacy name path). The required one is already added there so do not delete anything.
@@ Line 169: / Line 175: @@
 ==== FAQ ====
 For other FAQ, please check this [[https://www.eve-ng.net/index.php/faq/|page]].
-======== Eve-ng local machine setup ========
-If you want to install on your local host/own server/cloud this eve-ng machine, you can look over the next steps to make sure the process is done corectly.
-Download [[https://www.eve-ng.net/index.php/download/|here]] the iso file eve-ng free edition, then in vmware workstation/vmware esx create a new VM with the following configuration:
-As eve-ng is an ubuntu 16.04 with x86_64 arch, select:
-{{:sred:gues_os_select.png?600|}}
-Use 4 vCPUs and do not forget to tick: expose hw assisted virtualization to guest OS (necessary to run other VMs on this VM):
-{{:sred:cpu_config.png?800|}}
-Add at least 8 GB of RAM and 50 GB for storage. Add the VM in your local management network and choose the installation ISO file downloaded above:
-{{:sred:machine_config.png?800|}}
-Finish and boot the machine. Click Install VM > English or any other language you want:
-{{:sred:ubuntu_install_eve_ng.png?800|}}
-Add the hostname for the machine:
-{{:sred:hostname_config.png?800|}}
-Accept the location area for current time, then wait for system installation and keep proxy manager with no config.
-Select here no automatic updates (we want to select ourselves the packages to update as it may broke the server):
-{{:sred:automatic_updates.png?800}}
-Finish the installation and boot the eve-ng machine. After booting the device (takes 2-3 mins to install every required package), login with user: **root** and password: **eve** (the default ones).
-Add a new password for the root account (**student** used for labs):
-{{:sred:eve_ng_install.png?800}}
-You can keep the default hostname (eve-ng):
-{{:sred:eve_ng_install2.png?800}}
-DNS domain name leave as blank:
-{{:sred:eve_ng_install3.png?800}}
-For mgmt interface, use dhcp for ip config (more explanation about this interface are given below):
-{{sred:eve_ng_install4.png?800}}
-For ntp server, use time.google.com:
-{{sred:eve_ng_install5.png?800}}
-Keep direct connection with exernal:
-{{sred:eve_ng_install6.png?800}}
-Then, the machine will reboot automatically and login with your newly added credentials (here - user: root and password: student):
-{{sred:eve_ng_install7.png?800}}
-Check firstly if the apache2 service is up and listening to default port 80:
-<code>
-root@eve-ng:~# netstat -atupn | grep apache2
-tcp6       0      0 :::80                   :::*                    LISTEN      2711/apache2
-</code>
-If not, restart the service and make sure is up:
-<code>
-root@eve-ng:~# sudo service apache2 restart
-root@eve-ng:~# sudo service apache2 status
-● apache2.service - LSB: Apache2 web server
-[...]
-Oct 20 15:49:04 eve-ng systemd[1]: Starting LSB: Apache2 web server...
-Oct 20 15:49:04 eve-ng apache2[30867]:  * Starting Apache httpd web server apache2
-Oct 20 15:49:05 eve-ng apache2[30867]:  *
-Oct 20 15:49:05 eve-ng systemd[1]: Started LSB: Apache2 web server.
-</code>
-See the machine responds with 200 OK for GET requests on localhost:
-<code>
-root@eve-ng:~# curl -I localhost:80
-HTTP/1.1 200 OK
-Date: Tue, 20 Oct 2020 12:58:06 GMT
-Server: Apache/2.4.18 (Ubuntu)
-[...]
-</code>
-Then, verify if the pnet0 interface has an ip address assigned:
-<code>
-root@eve-ng:~# ip a s dev pnet0
-: pnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
-    link/ether 00:50:56:b8:ab:0b brd ff:ff:ff:ff:ff:ff
-    inet 10.3.0.2/16 brd 10.3.255.255 scope global pnet0
-       valid_lft forever preferred_lft forever
-    inet6 fe80::250:56ff:feb8:ab0b/64 scope link
-       valid_lft forever preferred_lft forever
-</code>
-<note>
-What is pnet0?
-Is a bridge that has attached the management interface to it (in this case eth0):
-<code>
-root@eve-ng:~# brctl show pnet0
-bridge name	bridge id		STP enabled	interfaces
-pnet0		8000.005056b8ab0b	no		eth0
-</code>
-For more information about this pnet interfaces, see [[https://blog.dical.org/?p=258|here]].
-</note>
-In the VM, check that the Internet is reachable and a nameserver is added in /etc/resolv.conf (use 8.8.8.8 or 8.8.4.4).
-For adding VM images and binaries for Cisco devices, 2 paths are important here:
-- **/opt/unetlab/addons/dynamips** - used for cisco images. See [[https://www.eve-ng.net/index.php/documentation/howtos/howto-add-cisco-dynamips-images-cisco-ios/|here]] a tutorial for Cisco Dynamips.
-- **/opt/unetlab/addons/qemu** - used for ISOs (Linux, firewalls: fortigate, firepower, palo alto etc.). See [[https://www.eve-ng.net/index.php/documentation/howtos/howto-create-own-linux-host-image/|here]] tutorial for Linux.
-Check also if the private ip address is reachable from the host machine and if so, try to access with ssh (which is enabled by default):
-<code>
-user@local_host:~$ ping -c 3 10.3.0.2
-PING 10.3.0.2 (10.3.0.2) 56(84) bytes of data.
-bytes from 10.3.0.2: icmp_seq=1 ttl=63 time=6.46 ms
-bytes from 10.3.0.2: icmp_seq=2 ttl=63 time=6.18 ms
-[...]
-</code>
-<code>
-user@local_host:~$ ssh -l root 10.3.0.2 # here use your mgmt ip
-root@10.3.0.2's password:
-Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.20.17-eve-ng-ukms+ x86_64)
- * Documentation:  https://help.ubuntu.com
- * Management:     https://landscape.canonical.com
- * Support:        https://ubuntu.com/advantage
-Last login: Tue Oct 20 02:33:24 2020 from 10.128.0.6
-root@eve-ng:~#
-</code>
-The last thing to do here is access the webui application of eve-ng (the main thing). Go to the browser and type exactly the interface pnet0 ip address. You must get this:
-{{:sred:eve_ng_webui.png?500|}}
-Type user: **admin** and password: **eve** and from file manager, create a new folder:
-{{:sred:file_manager_eve_ng.png?800|}}
-Add a new lab (we will use different file for each one):
-{{:sred:lab_config.png?900|}}
-In the end, you should see this interface:
-{{:sred:eve_ng_webui_2.png?800|}}