Milestone #6: Blue Networking and Vyos - zacharylongo/Tech-Journals GitHub Wiki

Milestone 6:

6.1

  • This portion of the lab focused primarily on network utility, i.e., creating a new network and assigning switches.

I used the following to create my first new virtual network:

New-Network -NetworkName "insert network name here" -defaultJSON ./x.json

6.2: Clone/Network

  • In the first steps I created a linked clone of my firewall and then created a linked clone. I would make sure to save a base snapshot beforehand.

Deploy-Clone -LinkedClone -VMName server.vyos.base -CloneVMName fwblue -defaultJSON ./x.json

Deploy-Clone -FullClone -VMName 480-fw -CloneVMName VYOSfw -defaultJSON ./x.json

  • I would next configure the VYOS firewall to use DHCP and listen for SSH on 0.0.0.0:

set interfaces ethernet eth0 address dhcp
set service ssh listen-address 0.0.0.0

  • Remember to commit and save your changes as you go!

After this, I fully deployed my Blue Firewall.

6.3 (The real start to this journal entry)

My banner for 480.utils

image

  • I would first take a snapshot:

image

  • I would then use 480 utils to assign a new network adapter / address

image

  • I would next start the Ansible install process on my management box (xubuntu WAN), making sure to implement the highlighted portion:

image

image

  • I would then attempt to execute the Ansible ping:

image

  • After this, I would run my Ansible playbook to:
    1. Set a password
    2. Load my VYOS config (IPs, forwarding addresses, labeling connections, etc.)

image

  • The new "fw-blue1" coming online:

image

  • Successful implementation of config on target (fw-blue1)

image

Reflection:

The first steps of this lab were extremely easy. I only encountered a small issue regarding the pathing for PowerShell modules. I mean, how hard could it be to change network settings via PowerShell/Python?

The next steps, however, were a different story.

For about a week I saw the following:

image

Regrettably, as I am writing this documentation posthumously, I forget exactly what the issue was. However, I can say that host_checking was labeled as false in all Ansible config files.

From my memory, the issue stemmed from a mispathing involving the config files. We were not positive how this happened, but after several hours of troubleshooting my instructor and I were able to remedy it.
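
The reflection above traces the failures to mis-pathed Ansible config files. As an added example (not part of the original journal or its playbooks), this script follows Ansible's lookup order for `ansible.cfg` to report which file is actually in effect and where the `host_key_checking` value (the `[defaults]` setting Ansible reads) comes from; the function names are illustrative.

```python
import configparser
import os
import stat
from pathlib import Path

TRUE = {"1", "true", "yes", "on"}

def candidates(env, cwd, home, system="/etc/ansible/ansible.cfg"):
    """Ansible's search order for ansible.cfg; the first existing file wins."""
    found = []
    if env.get("ANSIBLE_CONFIG"):
        p = Path(env["ANSIBLE_CONFIG"]).expanduser()
        found.append(p / "ansible.cfg" if p.is_dir() else p)
    # Ansible ignores ./ansible.cfg when the working directory is world-writable.
    if not os.stat(cwd).st_mode & stat.S_IWOTH:
        found.append(Path(cwd) / "ansible.cfg")
    found += [Path(home) / ".ansible.cfg", Path(system)]
    return found

def effective_config(env, cwd, home, system="/etc/ansible/ansible.cfg"):
    """Return the config file Ansible would load, or None for built-in defaults."""
    paths = candidates(env, cwd, home, system)
    return next((p for p in paths if p.is_file()), None)

def host_key_checking(env, cfg):
    """Return (enabled, source). The environment variable overrides the file."""
    if "ANSIBLE_HOST_KEY_CHECKING" in env:
        value = env["ANSIBLE_HOST_KEY_CHECKING"].strip().lower()
        return value in TRUE, "environment"
    if cfg is not None:
        parser = configparser.ConfigParser(interpolation=None)
        parser.read(cfg)
        if parser.has_option("defaults", "host_key_checking"):
            return parser.getboolean("defaults", "host_key_checking"), str(cfg)
    # Ansible verifies SSH host keys unless a config or variable disables it.
    return True, "built-in default"

if __name__ == "__main__":
    cfg = effective_config(os.environ, os.getcwd(), Path.home())
    enabled, source = host_key_checking(os.environ, cfg)
    print(f"config file in effect: {cfg or 'none (built-in defaults)'}")
    print(f"host_key_checking={enabled} (from {source})")
```

A mistyped `ANSIBLE_CONFIG` path does not raise an error; the lookup silently falls through to the next file in the list, so the settings in effect can differ from the file being edited. `ansible --version` prints the config file Ansible itself resolved.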