SEC‐440 Project 1 - DefiantCoder/Tech-Journals GitHub Wiki
VyOS 1 Config
configure
set system login user vyos authentication plaintext-password [password]
set system login user [adam-adm]
set system login user [adam-adm] authentication plaintext-password [password]
set system host-name vyos1-adam
# Network 1 config
show interfaces
set interfaces ethernet eth0 description "WAN"
set interfaces ethernet eth0 address 10.0.17.19/24
set interfaces ethernet eth1 description "LAN"
set interfaces ethernet eth1 address 10.0.5.2/24
set protocols static route 0.0.0.0/0 next-hop 10.0.17.2
set system name-server 10.0.17.2
commit
save
# DNS setup
set service dns forwarding allow-from 10.0.5.0/24
set service dns forwarding listen-address 10.0.5.1
set service dns forwarding system
# NAT setup
set nat source rule 10 description "NAT from LAN to WAN"
set nat source rule 10 outbound-interface eth0
set nat source rule 10 source address 10.0.5.0/24
set nat source rule 10 translation address masquerade
# Port forwarding
set nat destination rule 20 description "HTTP to WEB01"
set nat destination rule 20 destination address 10.0.17.109
set nat destination rule 20 destination port 80
set nat destination rule 20 inbound-interface eth0
set nat destination rule 20 protocol tcp
set nat destination rule 20 translation address 10.0.5.100
set nat destination rule 20 translation port 80
set nat destination rule 30 description "SSH to WEB01"
set nat destination rule 30 destination address 10.0.17.109
set nat destination rule 30 destination port 22
set nat destination rule 30 inbound-interface eth0
set nat destination rule 30 protocol tcp
set nat destination rule 30 translation address 10.0.5.100
set nat destination rule 30 translation port 22
# VRRP setup
# WAN
set high-availability vrrp group WAN vrid 159
set high-availability vrrp group WAN interface eth0
set high-availability vrrp group WAN address 10.0.17.109/24
# For vyos01
set high-availability vrrp group WAN priority 200
# LAN
set high-availability vrrp group LAN vrid 10
set high-availability vrrp group LAN interface eth1
set high-availability vrrp group LAN address 10.0.5.1/24
# For vyos01
set high-availability vrrp group LAN priority 200
VyOS 2 Config
configure
set system login user vyos authentication plaintext-password [password]
set system login user [adam-adm]
set system login user [adam-adm] authentication plaintext-password [password]
set system host-name vyos2-adam
commit
save
# Network 2 config
show interfaces
set interfaces ethernet eth0 description "WAN"
set interfaces ethernet eth0 address 10.0.17.79/24
set interfaces ethernet eth1 description "LAN"
set interfaces ethernet eth1 address 10.0.5.3/24
set protocols static route 0.0.0.0/0 next-hop 10.0.17.2
set system name-server 10.0.17.2
commit
save
# DNS setup
set service dns forwarding allow-from 10.0.5.0/24
set service dns forwarding listen-address 10.0.5.1
set service dns forwarding system
# NAT setup
set nat source rule 10 description "NAT from LAN to WAN"
set nat source rule 10 outbound-interface eth0
set nat source rule 10 source address 10.0.5.0/24
set nat source rule 10 translation address masquerade
# Port forwarding
set nat destination rule 20 description "HTTP to WEB01"
set nat destination rule 20 destination address 10.0.17.109
set nat destination rule 20 destination port 80
set nat destination rule 20 inbound-interface eth0
set nat destination rule 20 protocol tcp
set nat destination rule 20 translation address 10.0.5.100
set nat destination rule 20 translation port 80
set nat destination rule 30 description "SSH to WEB01"
set nat destination rule 30 destination address 10.0.17.109
set nat destination rule 30 destination port 22
set nat destination rule 30 inbound-interface eth0
set nat destination rule 30 protocol tcp
set nat destination rule 30 translation address 10.0.5.100
set nat destination rule 30 translation port 22
# VRRP setup
# WAN
set high-availability vrrp group WAN vrid 159
set high-availability vrrp group WAN interface eth0
set high-availability vrrp group WAN address 10.0.17.109/24
# For vyos02
set high-availability vrrp group WAN priority 100
# LAN
set high-availability vrrp group LAN vrid 10
set high-availability vrrp group LAN interface eth1
set high-availability vrrp group LAN address 10.0.5.1/24
# For vyos02
set high-availability vrrp group LAN priority 100
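Before committing, it is worth checking that the two routers agree where a VRRP pair must agree and differ where it must. The script below is an added example, not part of this journal's configuration; it runs offline against two config fragments constructed from the values above (only the lines the checks read), and the function names (cfg_get, vrrp_check, dnat_check, dns_check, addr_check, check_pair) are my own naming. It verifies that both routers use the same vrid and virtual address for each group, that their priorities differ, that every destination NAT rule matches on the WAN VIP 10.0.17.109 rather than on a router's own eth0 address, that the DNS forwarder listens on the LAN VIP 10.0.5.1, and that the physical eth0/eth1 addresses are set and distinct.

```shell
#!/bin/sh
# Added example, not part of the original journal: cross-check the two VyOS router
# configs before committing. The two fragments below are constructed from the values
# on this page (only the lines the checks need).

VYOS1_CFG='
set interfaces ethernet eth0 address 10.0.17.19/24
set interfaces ethernet eth1 address 10.0.5.2/24
set service dns forwarding listen-address 10.0.5.1
set nat destination rule 20 destination address 10.0.17.109
set nat destination rule 30 destination address 10.0.17.109
set high-availability vrrp group WAN vrid 159
set high-availability vrrp group WAN address 10.0.17.109/24
set high-availability vrrp group WAN priority 200
set high-availability vrrp group LAN vrid 10
set high-availability vrrp group LAN address 10.0.5.1/24
set high-availability vrrp group LAN priority 200
'
VYOS2_CFG='
set interfaces ethernet eth0 address 10.0.17.79/24
set interfaces ethernet eth1 address 10.0.5.3/24
set service dns forwarding listen-address 10.0.5.1
set nat destination rule 20 destination address 10.0.17.109
set nat destination rule 30 destination address 10.0.17.109
set high-availability vrrp group WAN vrid 159
set high-availability vrrp group WAN address 10.0.17.109/24
set high-availability vrrp group WAN priority 100
set high-availability vrrp group LAN vrid 10
set high-availability vrrp group LAN address 10.0.5.1/24
set high-availability vrrp group LAN priority 100
'

# cfg_get <config> <path>: value of the first "set <path> <value>" line, empty if absent
cfg_get() {
  printf '%s\n' "$1" | awk -v key="set $2 " 'index($0, key) == 1 { print substr($0, length(key) + 1); exit }'
}

# vrrp_check <cfg1> <cfg2> <group>: the pair must agree on vrid and virtual address
# (otherwise each router runs its own VIP and both answer) and must NOT have equal
# priorities (equal priorities leave the master election to the higher interface IP)
vrrp_check() {
  p="high-availability vrrp group $3"
  [ -n "$(cfg_get "$1" "$p vrid")" ] || return 1
  [ "$(cfg_get "$1" "$p vrid")" = "$(cfg_get "$2" "$p vrid")" ] || return 1
  [ "$(cfg_get "$1" "$p address")" = "$(cfg_get "$2" "$p address")" ] || return 1
  [ "$(cfg_get "$1" "$p priority")" != "$(cfg_get "$2" "$p priority")" ] || return 1
  return 0
}

# dnat_check <cfg>: every port-forward must match on the WAN VIP, not on the router's
# own eth0 address, or the forward silently stops working after a failover
dnat_check() {
  vip=$(cfg_get "$1" "high-availability vrrp group WAN address")
  vip=${vip%/*}
  for addr in $(printf '%s\n' "$1" | awk '/^set nat destination rule [0-9]+ destination address /{ print $NF }'); do
    [ "$addr" = "$vip" ] || return 1
  done
  return 0
}

# dns_check <cfg>: the forwarder must listen on the LAN VIP so clients keep the same
# resolver address whichever router is master
dns_check() {
  vip=$(cfg_get "$1" "high-availability vrrp group LAN address")
  [ "$(cfg_get "$1" "service dns forwarding listen-address")" = "${vip%/*}" ]
}

# addr_check <cfg1> <cfg2> <iface>: physical addresses must be set and distinct
addr_check() {
  a1=$(cfg_get "$1" "interfaces ethernet $3 address")
  a2=$(cfg_get "$2" "interfaces ethernet $3 address")
  [ -n "$a1" ] && [ -n "$a2" ] && [ "$a1" != "$a2" ]
}

# check_pair <cfg1> <cfg2>: 0 when the two routers form a consistent HA pair
check_pair() {
  vrrp_check "$1" "$2" WAN && vrrp_check "$1" "$2" LAN &&
  dnat_check "$1" && dnat_check "$2" &&
  dns_check "$1" && dns_check "$2" &&
  addr_check "$1" "$2" eth0 && addr_check "$1" "$2" eth1
}

if check_pair "$VYOS1_CFG" "$VYOS2_CFG"; then
  echo "vyos1/vyos2: consistent HA pair"
else
  echo "vyos1/vyos2: MISMATCH, fix before commit"
fi
```

Two things to keep in mind when applying the configs above. First, the DNS, NAT and VRRP sections need a `commit` and `save` just like the interface section, or they never take effect and are lost on reboot. Second, the WAN and LAN groups are not placed in a sync-group, so they fail over independently: if only eth0 on vyos1 goes down, the WAN VIP moves to vyos2 while the LAN VIP stays on vyos1 and the NAT path through the pair breaks. `set high-availability vrrp sync-group <name> member WAN` plus `... member LAN` on both routers makes the two groups change master together.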
Xubuntu-wan Config
sudo adduser adam-adm
sudo usermod -aG sudo adam-adm
sudo passwd champuser
Xubuntu-wan network
Xubuntu-lan Config
sudo adduser adam-adm
sudo usermod -aG sudo adam-adm
sudo passwd champuser
Xubuntu-lan network
Web01 Config
- Set this VM to your LAN network in vSphere
sudo adduser adam-adm
sudo passwd adam-adm
sudo usermod -aG wheel adam-adm
sudo passwd root
# network and hostname configuration (interactive)
nmtui
Configure firewall to allow ssh & http
2FA
Use this site for setup: https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-centos-7
A successful result
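The firewall and 2FA steps above are given as prose and a link. As an added check, not from this journal or from the linked guide, the script below audits the two files the CentOS 7 SSH TOTP setup edits: sshd_config and the PAM stack for sshd. It runs offline against constructed sample copies (on a real Web01 the paths are /etc/ssh/sshd_config and /etc/pam.d/sshd); sshd_opt, audit_ssh_2fa and open_web01_firewall are my own names, and open_web01_firewall (the firewalld rules for the ssh and http services that the routers forward to Web01) is only defined here, not run.

```shell
#!/bin/sh
# Added example, not part of the original journal: audit the two files the CentOS 7
# SSH TOTP setup in the linked guide edits, using constructed sample files. Paths on
# a real Web01 would be /etc/ssh/sshd_config and /etc/pam.d/sshd.

# sshd_opt <file> <keyword>: effective value of an sshd_config keyword. sshd takes the
# FIRST uncommented occurrence, so a "yes" appended below an earlier "no" is ignored.
sshd_opt() {
  awk -v kw="$2" 'tolower($1) == tolower(kw) { print $2; exit }' "$1"
}

# audit_ssh_2fa <sshd_config> <pam_sshd>: 0 only when the TOTP login path is enforced
audit_ssh_2fa() {
  rc=0
  # sshd must hand the prompt to PAM and allow keyboard-interactive logins
  [ "$(sshd_opt "$1" UsePAM)" = "yes" ] || { echo "UsePAM is not yes"; rc=1; }
  [ "$(sshd_opt "$1" ChallengeResponseAuthentication)" = "yes" ] ||
    { echo "ChallengeResponseAuthentication is not yes"; rc=1; }
  # the PAM stack must require the Google Authenticator module
  grep -Eq '^[[:space:]]*auth[[:space:]]+(required|requisite)[[:space:]]+pam_google_authenticator\.so' "$2" ||
    { echo "pam_google_authenticator.so is not required in $2"; rc=1; }
  # nullok lets any account without ~/.google_authenticator log in with password only
  if grep -Eq '^[[:space:]]*auth.*pam_google_authenticator\.so.*nullok' "$2"; then
    echo "nullok is set: unenrolled accounts skip the second factor"; rc=1
  fi
  return $rc
}

# firewalld rules for the two services the routers forward to Web01 (ssh, http);
# defined only, run it on the CentOS box itself
open_web01_firewall() {
  firewall-cmd --permanent --add-service=ssh &&
  firewall-cmd --permanent --add-service=http &&
  firewall-cmd --reload
}

# constructed sample files (not copied from any real host)
TMP=$(mktemp -d)
cat > "$TMP/sshd_config.good" <<'EOF'
UsePAM yes
ChallengeResponseAuthentication yes
PasswordAuthentication yes
EOF
# the trailing "yes" here is dead: sshd keeps the first "no"
cat > "$TMP/sshd_config.bad" <<'EOF'
ChallengeResponseAuthentication no
UsePAM yes
ChallengeResponseAuthentication yes
EOF
cat > "$TMP/pam_sshd.good" <<'EOF'
#%PAM-1.0
auth       required     pam_google_authenticator.so
EOF
cat > "$TMP/pam_sshd.nullok" <<'EOF'
#%PAM-1.0
auth       required     pam_google_authenticator.so nullok
EOF

audit_ssh_2fa "$TMP/sshd_config.good" "$TMP/pam_sshd.good" && echo "Web01 2FA: enforced"
```

The two cases the audit catches are the ones that make a setup look finished while still accepting password-only logins: an edit appended to the bottom of sshd_config that is shadowed by an earlier `ChallengeResponseAuthentication no`, and a `nullok` on the PAM line left over from enrolment, which exempts every account that has not run google-authenticator yet.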
VyOS 1 & 2 config
VyOS 1 config
VyOS 2 config
Video
https://drive.google.com/drive/folders/18TwXi54wntox5frR_I0zZfjgEcuLL3It
Project 1 Reflection
project 1 reflections (chronological discussion of what you've done, your trials, tribulations and lessons learned)
This was a good starting project; it had a lot of things we have done previously, but all mashed together. I will say I had a bit of trouble with the VRRP and some technical issues with curl, but overall I think this was a pretty good project. My issue with curl was a simple one that gave me so much trouble: on xubuntu-wan I could not properly download or update but could ping 8.8.8.8. I later found out this was fixed by unchecking and re-checking the enable network box on xubuntu. Restarting the box did not fix this issue but the above fix did, which was confusing, but at least it works now.