Project 1 Reflection - jwells24/Tech-Journal GitHub Wiki

Project 1 Reflection

Most Important Takeaways

  1. When using nmtui, set IPv4 addressing to manual rather than automatic on all boxes, such as xubuntu-wan, xubuntu-lan, and web01.
  2. When adding an SSH key for SSH authentication, add the key to the ~/.ssh directory of the user who should be able to authenticate with it.
  3. Use SSH to access the VyOS routers so you can copy and paste commands instead of typing each one out.
  4. For VRRP, groups can share a vrid, but each group can have only one interface and one address active for VRRP.
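
One way to check takeaway 2 before testing a login, as an added example that is not part of the original journal: the script reports which accounts actually trust a given public key and flags permissions that sshd's StrictModes would reject. The function names, the file name `check_key.sh`, and the sample key are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): find out which accounts trust a
# public key, so a key installed for the wrong user (e.g. root) is caught early.

# accounts_trusting_key PUBKEY_FILE HOME_DIR...
# Prints "<account> ok" or "<account> bad-perms" for each home directory whose
# .ssh/authorized_keys contains the key. The account name is the directory name.
accounts_trusting_key() {
    blob=$(awk '{print $2; exit}' "$1") || return 2   # base64 body of the key
    [ -n "$blob" ] || return 2
    shift
    for home in "$@"; do
        ak="$home/.ssh/authorized_keys"
        [ -f "$ak" ] || continue
        # Ignore commented-out entries, then look for the exact key body.
        grep -v '^[[:space:]]*#' "$ak" | grep -qF -- "$blob" || continue
        # Group/other write bits on .ssh or the file make sshd ignore the key.
        if [ -n "$(find "$home/.ssh" "$ak" -maxdepth 0 -perm /022 2>/dev/null)" ]; then
            echo "$(basename "$home") bad-perms"
        else
            echo "$(basename "$home") ok"
        fi
    done
}

# key_reaches_user PUBKEY_FILE USER HOME_DIR...
# Succeeds only if USER trusts the key and the permissions are acceptable.
key_reaches_user() {
    pub=$1; user=$2; shift 2
    accounts_trusting_key "$pub" "$@" | grep -qx "$user ok"
}

# Demo on constructed data: run as `sh check_key.sh demo`.
if [ "${1:-}" = "demo" ]; then
    t=$(mktemp -d); mkdir -p "$t/root/.ssh" "$t/home/jwells/.ssh"
    echo "ssh-ed25519 AAAAC3CONSTRUCTEDSAMPLEKEY jwells@xubuntu-wan" > "$t/id.pub"
    cp "$t/id.pub" "$t/root/.ssh/authorized_keys"   # key placed for the wrong account
    chmod -R go-w "$t"
    accounts_trusting_key "$t/id.pub" "$t/root" "$t/home/jwells"   # prints: root ok
    rm -rf "$t"
fi
```

On a real host the call would look like `key_reaches_user ~/.ssh/id_ed25519.pub jwells /root /home/*`, run with enough privilege to read the other accounts' files.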

Week 1

  • In week 1, my main goal was to set up connectivity for all of my boxes and the routers, and to be able to start communicating from the boxes to the internet and between boxes. The first objective was to configure the networks (WAN, LAN, and OPT) on the vyos1 and vyos2 routers. I used my old notes from SEC-350 to give me a baseline of what was going to be necessary in order to set up the networks, and I was able to get vyos01 and vyos02 configured with the correct interfaces and rules to allow inter-network communication.

  • My next goal was to begin setting up some of the other boxes, so I began to set up both xubuntu boxes as well as web01. One issue I ran into was setting up the xubuntu boxes using the network GUI, which worked temporarily, but then the network access began to drop randomly. The solution to this was to go into nmtui and change the IPv4 settings from automatic to manual to create a stable connection. Once I was able to set up internet access, hostnames, and some users for the three boxes in this project, I was able to move on.

Week 2

  • In week 2, the main focus for me was setting up redundancy for the routers as well as configuring port forwarding and MFA for SSH. First, for port redundancy, the only thing that slowed me down was realizing that each VRRP group is responsible for one interface and one address. Therefore, we would need to have a wangroup and langroup to control each virtual port for our two interfaces. We could use the same vrid for both of them, and then all we had to do was use a couple of commands to set them up. Now that VRRP was enabled, it was time to set up MFA for SSH. This wasn't too bad because I found a well-written tutorial, but I did run into one issue. I configured the SSH key for Google auth to go into the root directory, giving the root user MFA. Once I realized my mistake, I just had to create a new SSH key for the user I wanted to use, jwells, and he was able to SSH using MFA into web01.

  • The last thing I did in this project was configure port forwarding for the routers. This wasn't bad, as it just consisted of adding one NAT rule and I had documentation from SEC-350 to assist me in this aspect.