SEC 440 Week 1 Project 1 - JadenGil/Jaden-Tech-Journal GitHub Wiki

Configuring VyOS:

High Availability Setup:

Before entering the machines, set up the interfaces: right-click the VM, select "Edit Settings", choose "ADD NEW DEVICE" and under the "Network" tab of that menu select "Network Adapter". There should now be three network adapters, attached to the WAN, LAN and OPT networks respectively; VyOS will enumerate them in that order as eth0, eth1 and eth2, which is why the NAT rule below uses eth0 as the outbound (WAN) interface. Do this on both VyOS VMs before entering them.

Enter configuration mode by typing configure (conf also works) in the terminal; the prompt changes to show [edit].

Once in configuration mode, use show interfaces to make sure all three adapters are present (run show interfaces shows the operational state, including link status). It should look something like this at first:

image

There won't be any IP addresses on the interfaces yet. To set them, use set interfaces ethernet ethN address <ip>/<prefix> for each interface, for example set interfaces ethernet eth1 address 10.0.5.2/24 for the LAN side of VyOS01. VyOS02 needs a different address on the same LAN (10.0.5.3/24 is used later on this page); the two routers must never share an address except the VRRP virtual address configured further down.

Once that is done on all three interfaces on both machines it should look something like this when using show int:

image

Don't forget to type commit and then save after doing this, or none of it will persist: commit applies the change to the running system, and save writes it to config.boot so it survives a reboot.


Setting Static Route on VyOS:

To configure the default route, in configuration mode type set protocols static route 0.0.0.0/0 next-hop <address>, where <address> is the upstream gateway on the WAN side.

It is also important to set the DNS server and the DNS forwarder, which is done in configuration mode with set system name-server <address>, followed by set service dns forwarding allow-from 10.0.5.0/24, set service dns forwarding listen-address 10.0.5.2 and set service dns forwarding system (the last command makes the forwarder use the system name-server as its upstream). The listen-address is the router's own LAN address, so on VyOS02 it is 10.0.5.3, not 10.0.5.2; allow-from restricts which clients may query the forwarder, so leave it at the LAN prefix rather than opening it up.

Now configure the source NAT rule so that LAN hosts are masqueraded behind the WAN interface (eth0) using the following commands:

set nat source rule 10 outbound-interface eth0

set nat source rule 10 source address 10.0.5.0/24

set nat source rule 10 translation address masquerade

REMEMBER to commit and save. THIS SHOULD BE DONE ON BOTH VYOS VMS (with each router's own LAN address as the listen-address)!!

You should now be able to ping google.com by name from the router, not just 8.8.8.8:

image
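As an added worked example (not the journal's own configuration), here is the complete base configuration for both routers that the steps above produce, so the two can be compared side by side. Interface numbering follows the adapter order WAN, LAN, OPT (eth0, eth1, eth2), which is also why the NAT rule uses eth0 as its outbound interface. The LAN addresses 10.0.5.2 (VyOS01) and 10.0.5.3 (VyOS02), the 10.0.5.0/24 LAN and the name server 10.0.17.2 come from this page; the WAN addresses 10.0.17.21 and 10.0.17.22, the use of 10.0.17.2 as the default gateway, the OPT network 10.10.10.0/24 and the host names are assumptions made for the example. The syntax is VyOS 1.3 (in 1.4 the NAT line is written outbound-interface name eth0).

```vyos
# VyOS01: every "set" is typed in configuration mode; lines starting with # are comments
configure
set system host-name vyos01
set interfaces ethernet eth0 description WAN
set interfaces ethernet eth0 address 10.0.17.21/24
set interfaces ethernet eth1 description LAN
set interfaces ethernet eth1 address 10.0.5.2/24
set interfaces ethernet eth2 description OPT
set interfaces ethernet eth2 address 10.10.10.2/24
# default route and upstream resolver (10.0.17.2 assumed to be the lab gateway)
set protocols static route 0.0.0.0/0 next-hop 10.0.17.2
set system name-server 10.0.17.2
# DNS forwarder for LAN clients: answer only on this router's own LAN address
set service dns forwarding allow-from 10.0.5.0/24
set service dns forwarding listen-address 10.0.5.2
set service dns forwarding system
# source NAT: masquerade the LAN behind whatever address eth0 holds
set nat source rule 10 outbound-interface eth0
set nat source rule 10 source address 10.0.5.0/24
set nat source rule 10 translation address masquerade
commit
save
exit

# VyOS02: identical apart from the host name and the per-router addresses
configure
set system host-name vyos02
set interfaces ethernet eth0 description WAN
set interfaces ethernet eth0 address 10.0.17.22/24
set interfaces ethernet eth1 description LAN
set interfaces ethernet eth1 address 10.0.5.3/24
set interfaces ethernet eth2 description OPT
set interfaces ethernet eth2 address 10.10.10.3/24
set protocols static route 0.0.0.0/0 next-hop 10.0.17.2
set system name-server 10.0.17.2
set service dns forwarding allow-from 10.0.5.0/24
set service dns forwarding listen-address 10.0.5.3
set service dns forwarding system
set nat source rule 10 outbound-interface eth0
set nat source rule 10 source address 10.0.5.0/24
set nat source rule 10 translation address masquerade
commit
save
exit
```

After the commit, check the result from operational mode with show interfaces, show ip route and show nat source rules; from a LAN host, nslookup google.com 10.0.5.2 confirms the forwarder is answering before you test ping by name.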


Setting up high availability

High availability settings link: https://www.dpcvirtualtips.com/basic-vrrp-configuration-on-vyos/

Settings on VyOS01 (as first written, this block used two different group names, sourced its hello packets from the OPT address 10.10.10.2 and sat on eth0; all three must refer to the LAN side. eth0 is the WAN interface used by the NAT rule, so the LAN group belongs on eth1, the group name must be the same on every line, and the hello-source-address must be VyOS01's own LAN address 10.0.5.2, which is exactly what VyOS02 lists as its peer-address):

configure

set high-availability vrrp group int hello-source-address 10.0.5.2

set high-availability vrrp group int interface eth1

set high-availability vrrp group int peer-address 10.0.5.3

set high-availability vrrp group int no-preempt

set high-availability vrrp group int priority 200

set high-availability vrrp group int address 10.0.5.100/24

set high-availability vrrp group int vrid 10

commit

save

Settings for VyOS02 (same vrid and virtual address, the lower priority makes it the backup, and its peer-address is VyOS01's LAN address):

configure

set high-availability vrrp group int hello-source-address 10.0.5.3

set high-availability vrrp group int interface eth1

set high-availability vrrp group int peer-address 10.0.5.2

set high-availability vrrp group int no-preempt

set high-availability vrrp group int priority 100

set high-availability vrrp group int address 10.0.5.100/24

set high-availability vrrp group int vrid 10

commit

save

VyOS01 VRRP Functioning:

VRRP

VyOS02 VRRP Working

image
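When the two routers disagree on the group name, interface, or the pair of hello-source-address and peer-address, each stops hearing the other's advertisements and both claim MASTER for the same virtual address. The script below is an added example (not part of the journal and not a VyOS tool) that parses the set high-availability vrrp group lines of two routers and reports those inconsistencies before they reach commit. The sample inputs are constructed from this page's VyOS01 block as it was first written and from the VyOS02 block; the LAN interface name eth1 is the assumption used throughout this page.

```python
"""Consistency checks for a two-router VyOS VRRP pair.

Added example (not from the journal or from VyOS). It parses the
"set high-availability vrrp group ..." lines of both routers and reports the
mismatches that keep the pair from ever agreeing on a MASTER.
"""
import ipaddress
import re
from typing import Dict, List, Tuple

# One VyOS line: set high-availability vrrp group <name> <key> [<value>]
_VRRP_LINE = re.compile(r"^set high-availability vrrp group (\S+) (\S+)(?: (\S+))?$")

# Constructed sample input: VyOS01 as first written on the page (stray group
# name "J-VM", hello source on the OPT network, WAN interface eth0).
VYOS01_AS_WRITTEN = """\
set high-availability vrrp group J-VM hello-source-address 10.10.10.2
set high-availability vrrp group int interface eth0
set high-availability vrrp group int peer-address 10.0.5.3
set high-availability vrrp group int no-preempt
set high-availability vrrp group int priority 200
set high-availability vrrp group int address 10.0.5.100/24
set high-availability vrrp group int vrid 10
"""

# Constructed sample input: the same router with the three lines corrected.
VYOS01_FIXED = VYOS01_AS_WRITTEN.replace(
    "group J-VM hello-source-address 10.10.10.2", "group int hello-source-address 10.0.5.2"
).replace("interface eth0", "interface eth1")

# Constructed sample input: VyOS02 exactly as on the page.
VYOS02 = """\
set high-availability vrrp group int hello-source-address 10.0.5.3
set high-availability vrrp group int interface eth1
set high-availability vrrp group int peer-address 10.0.5.2
set high-availability vrrp group int no-preempt
set high-availability vrrp group int priority 100
set high-availability vrrp group int address 10.0.5.100/24
set high-availability vrrp group int vrid 10
"""

Group = Dict[str, str]


def parse_vrrp(config_text: str) -> Dict[str, Group]:
    """Return {group_name: {key: value}}; valueless flags such as no-preempt map to 'yes'."""
    groups: Dict[str, Group] = {}
    for raw in config_text.splitlines():
        match = _VRRP_LINE.match(raw.strip())
        if match:
            name, key, value = match.groups()
            groups.setdefault(name, {})[key] = value if value is not None else "yes"
    return groups


def _in_vip_subnet(addr: str, vip_cidr: str) -> bool:
    try:
        return ipaddress.ip_address(addr) in ipaddress.ip_interface(vip_cidr).network
    except ValueError:
        return False


def check_pair(cfg_a: str, cfg_b: str, lan_interface: str) -> List[str]:
    """Return the problems found (an empty list means the pair is consistent).

    lan_interface is the name of the interface carrying the LAN on both routers;
    eth1 is assumed for this lab because eth0 is the WAN side used by the NAT rule.
    """
    problems: List[str] = []
    sides: List[Tuple[str, Group]] = []
    for label, text in (("A", cfg_a), ("B", cfg_b)):
        groups = parse_vrrp(text)
        if len(groups) != 1:
            # A typo in the group name creates a second, incomplete group that
            # commit rejects; keep checking the merged keys anyway.
            problems.append(f"{label}: expected one VRRP group, found {sorted(groups)}")
        merged: Group = {}
        for group in groups.values():
            merged.update(group)
        sides.append((label, merged))

    required = ("interface", "vrid", "address", "priority", "hello-source-address", "peer-address")
    for label, g in sides:
        for key in required:
            if key not in g:
                problems.append(f"{label}: missing {key}")
        if "interface" in g and g["interface"] != lan_interface:
            problems.append(f"{label}: group is on {g['interface']}, expected LAN interface {lan_interface}")

    (_, a), (_, b) = sides
    for key in ("vrid", "address"):  # both must match or the routers are not one group
        if a.get(key) != b.get(key):
            problems.append(f"{key} differs: A={a.get(key)} B={b.get(key)}")
    if a.get("priority") == b.get("priority"):
        problems.append("priorities are equal; one router must be preferred")
    # Unicast VRRP: each router must send to the address the other sends from.
    if a.get("peer-address") != b.get("hello-source-address"):
        problems.append("A peer-address does not match B hello-source-address")
    if b.get("peer-address") != a.get("hello-source-address"):
        problems.append("B peer-address does not match A hello-source-address")

    vip = a.get("address") or b.get("address")
    if vip:
        for label, g in sides:
            for key in ("hello-source-address", "peer-address"):
                if key in g and not _in_vip_subnet(g[key], vip):
                    problems.append(f"{label}: {key} {g[key]} is outside the VIP subnet of {vip}")
    return problems


if __name__ == "__main__":
    for title, cfg in (("as written", VYOS01_AS_WRITTEN), ("fixed", VYOS01_FIXED)):
        print(f"VyOS01 {title}:")
        for problem in check_pair(cfg, VYOS02, "eth1") or ["OK"]:
            print("  " + problem)
```

Run against the page's original VyOS01 block it reports four problems (two group names, wrong interface, VyOS02's peer-address not matching VyOS01's hello source, and that hello source sitting outside the 10.0.5.0/24 VIP subnet); against the corrected block it reports none. One thing it does not check is preemption policy: with no-preempt on both routers, VyOS01 will not take MASTER back after it recovers until VyOS02 fails in turn, which is fine for a lab but worth knowing when you read show vrrp after a failover test.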


Setting up Xubuntu LAN and WAN

On both Xubuntu VMs make sure the IP addresses are set (check that each VM is on the proper network adapter before doing so).

To set the IP address on both machines, select the network icon near the date and time in the top right corner of the screen, select "Wired connection 1" and change the method to "Manual" in the drop-down menu. From here you can select "Add" and type in the corresponding IP, gateway and DNS server. On the LAN machine use the VRRP virtual address 10.0.5.100 as the gateway rather than either router's own address, so the client keeps its default route when the master router fails over; the DNS server is the router address the forwarder listens on (10.0.5.2 on this page).

Xubuntu WAN:

image

Xubuntu LAN:

image

I'm unsure if this is the correct method, but I was experiencing name translation errors, and using sudo nano /etc/resolv.conf I changed the name servers to the following:

image

To make sure the connection is active, select "Wired connection 1" in the network drop-down menu on the desktop after saving the settings.

IMPORTANT Make sure to install curl by using sudo apt update followed by sudo apt install curl


Setting up Web01:

Getting the internet set up on Web01 should be pretty simple. Once logged in, use the nmtui command and set your address, gateway and DNS server (the gateway is the VRRP virtual address 10.0.5.100, as on the Xubuntu LAN machine). Make sure the network adapter is LAN!

image

For it to work fully, make sure that these commands have been entered:

image


Setting up HTTPD

In order for curl from the other machines to reach Web01, make sure httpd is installed and running: yum install httpd, followed by systemctl enable httpd and finally systemctl start httpd. On CentOS 8 firewalld is enabled by default and does not allow inbound port 80, so curl from another host will time out until you also run firewall-cmd --permanent --add-service=http followed by firewall-cmd --reload; curl http://localhost from Web01 itself will work either way, which is a quick way to tell a firewall problem from an httpd problem.

Once installed


Setting up MFA

All of the instructions I followed came from this guide:

https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-centos-8

First I made the directory ~/.ssh in the home directory of the account being set up (for root that is /root, not a directory under /home), because this setup stores the authenticator secret there.

After that directory was made I ran the following commands:

sudo yum search epel To confirm the name of the package that provides the EPEL repository

sudo yum install epel-release Installation should be very quick

sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm Only needed if the previous command could not find epel-release; it installs the same repository package straight from the EPEL mirror

sudo yum install google-authenticator qrencode-libs This installs the Google Authenticator PAM module and lets a QR code be generated during setup, which makes enrolling the phone app easier

(NOTE! The QR code prints too quickly and too large, and since you cannot scroll up, the QR code ends up being completely useless)

google-authenticator -s ~/.ssh/google_authenticator This provides you with the QR code and the setup key; you'll want the setup key. Enter it into the Google Authenticator app and it will give you a code. Once you type that code in, it presents you with backup codes (treat them like passwords; each one is a single-use bypass of the phone):

codes

(NOTE! It'll also ask you a lot of questions; I recommend referencing the guide above for the answers)

restorecon -Rv ~/.ssh/ This restores the SELinux context on the new file so that sshd and PAM are allowed to read it from its non-default location


Configuring OpenSSH to work with MFA

Make a backup of the sshd file and add the 2 lines at the end:

image
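The two lines themselves are only in the screenshot above. As an added example following the linked DigitalOcean guide (not the journal's own screenshot), these are the PAM and sshd_config settings that guide has you add; the secret= path assumes the file was created with the -s option shown above for a regular user, so for root the path must be /root/.ssh/google_authenticator because ${USER} expands to root and /home/root does not exist. The AuthenticationMethods line is this editor's hardening choice, not something the page shows: it requires a key and a TOTP code and removes the password path entirely.

```conf
# /etc/pam.d/sshd  (back it up first; append these two lines at the end)
auth required pam_google_authenticator.so secret=/home/${USER}/.ssh/google_authenticator nullok
auth required pam_permit.so

# /etc/ssh/sshd_config  (back it up first)
ChallengeResponseAuthentication yes
# Added hardening: key plus TOTP for every login, no password-only path
AuthenticationMethods publickey,keyboard-interactive
```

Note the nullok option: it lets any account that has no google_authenticator file log in without a second factor, which is convenient while you enrol users but means a forgotten account is also an MFA-free account; drop it once every login account has a token. Run sshd -t before restarting sshd and keep one working session open until a fresh login with key plus code succeeds, so a typo in either file does not lock you out.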


Reflection

While there wasn't a lot of new information that I learned in this lab it was an excellent warm-up for the rest to come. Prior to this lab I had only used VyOS a handful of times and my previous experience was less than enjoyable but this time I really took my time and made sure to take in as much information as I could about how to work with this operating system. I remember in the past that the NAT rules caused me a lot of trouble but this time I was able to gain a much stronger understanding of the rules and what could be causing issues.

Issues I ran into:

  1. Some of the VMs wouldn't properly connect to the internet because I had 2 nameservers set when I only needed one, so I had to go back through and make sure the only name server on VyOS01 was 10.0.17.2

  2. I ran into a lot of issues with web01 connecting to the internet, allowing SSH, and running HTTP, but it turns out that I had made a silly mistake by setting the wrong gateway and DNS as well as not installing either of the services stated above. I had believed that they were pre-installed on the system, and while SSH is, HTTP is not.

  3. Xubuntu-LAN wasn't able to get an internet connection for a long time, but this was because of the previously mentioned nameserver issue, and on top of that the gateway and DNS were also wrong
