EVE-NG: Create Windows Server 2019 VM

KB ID Article 

Problem

I’ve had a Windows 2012R2 server image that I’ve ben using in EVE-NG for ever. This week it bit the dust so I thought, can I deploy a shiny new 2019 server?

EVE-NG Windows Virtual Machines

Yes! In fact the deployment procedure is the same for 2019 as it was for earlier versions of Windows server. First log onto your EVE-NG host and create the folder;

[box]

mkdir /opt/unetlab/addons/qemu/winserver-2019/

[/box]

Then ‘upload’ a copy of the Windows Server 2019 installation iso into that folder with WinSCP or FileZilla.

Now rename the ISO image file to cdrom.iso, then create a new, (empty) hard drive file, that we will install windows onto. (Note: below I’m setting it to 60GB in size).

[box]

mv en_windows_server_2019_updated_nov_2020_x64_dvd_860005f.iso cdrom.iso
/opt/qemu/bin/qemu-img create -f qcow2 virtioa.qcow2 60G

[/box]

In EVE-NG create a new Lab and add in your Windows 2019 Server, then power it on.

It wont find the hard drive, because it has not got the controller driver, click ‘Load Driver‘.

Navigate to B:\Storage\2003R2\amd64 OK > Next > It will detect and load the ‘Red Hat Virtio‘ driver and install Windows. Once done shut the Windows server down.

WARNING: If you intend to deploy ‘multiple’ Server OS’s into single EVE-NG Labs, then run ‘Sysprep‘ on the server image select ‘Generalize’ and Shutdown THEN commit the image, once it’s shut down.

Now you need to ‘commit’ that image (so all new VMs will be created form that image). Ive written about this before, see the following link;

EVE-NG: Committing / Saving Qemu Virtual Machine Settings

But essentially get the ‘Pod Number’ from user management, and the Lab ID from Lab details.

Get the Node ID from the virtual machine, and execute the following command;

[box]

cd /opt/unetlab/tmp/POD-Number/Lab-ID/Node-Number/
e.g.
cd /opt/unetlab/tmp/1/b56699c-31b5-4399-af2e-697eab12981d/2/

[/box]

Lastly, don’t forget to tidy up and delete the ISO image now you no longer need it.

[box]

cd /opt/unetlab/addons/qemu/winserver-2019
rm -f cdrom.iso

[/box]

Related Articles, References, Credits, or External Links

NA

EVE-NG Deploying Fortigate v6 Firewalls

KB ID 0001714

Problem

The firm I work for are looking at a replacement for Cisco ASA as their preferred firewall of choice. We are looking at Fortinet to fill this gap, but as a product/solution it’s something I know very little about.

So the best way to learn is to deploy and play with, and the test bench weapon of choice for discerning technical types is EVE-NG. So can I deploy the newest (v6.4.2 at time of writing) Fortigate firewall into EVE-NG? Indeed, read on.

Solution

Getting the VM is pretty easy, Fortinet allows you to create a free login account, and download the trial version. REMEMBER you want the KVM version of the appliance!

If you didn’t know EVE-NG (and the Qemu software that runs inside it) needs to have its images in certain named folders. So log into your EVE-NG  appliance and create a new folder;

[box]

mkdir /opt/unetlab/addons/qemu/fortinet-FGT-v6.4.2

[/box]

Note: fortinet-xxxxxxxxxx is the correct naming convention 🙂

Now copy your downloaded image into this folder, I use WinSCP, but FileZilla is also free. Remember that your transfer method should be set to ‘binary’.

Back in the EVE-NG console, you need to unzip the appliance, then rename it (EVE-NG also needs the images to have certain names). Then you can delete the original Zip file, and make sure the permissions are set correctly.

[box]

cd /opt/unetlab/addons/qemu/fortinet-FGT-v6.4.2
unzip FGT_VM64_KVM-v6-build1778-FORTINET.out.kvm.zip
mv fortios.qcow2 virtioa.qcow2
rm FGT_VM64_KVM-v6-build1778-FORTINET.out.kvm.zip
/opt/unetlab/wrappers/unl_wrapper -a fixpermissions

[/box]

That’s the hard part done. Log into EVE-NG create a new lab and drop a Fortigate device into the workspace. (Note: You can raise the RAM to 2048 to get it to perform a little better, but no higher though, as only 2GB is permitted with the trial licence).

Allow Web Management Of Fortigate VM

I’ve included this bit because most articles don’t, and if I’m unfamiliar with Fortigate, then some of you will be also. Essentially you setup the interface that you will be using as the inside interface with a static IP and allow web management via HTTP. (Note: First you will be asked to change the Admin password).

[box]

config system interface
edit port1
set mode static
set ip 192.168.1.1 255.255.255.0
set allowaccess http 
end

[/box]

Then from a management VM, (on the same network segment) connect to the appliance and log in.

If you just see a blank screen with no logon options see this article.

Related Articles, References, Credits, or External Links

NA

EVE-NG Deploying F5 BIG-IP

KB ID 0001696

Problem

I already had some F5 Images in my EVE-NG, but I wanted to run version 16.x. However, I didn’t think that was officially supported, so I thought I would try and get it running anyway!

Solution

Theres no need to scour the internet for ‘dodgy’ versions, F5 will quite happily give you the latest version, just sign up for a free account, and you can download the image. While you are there, you can apply for a trial licence, (or two if you want to test HA).

Important: I use FileZilla to upload images into EVE-NG, make sure your transfers are set for ‘binary’ I’ve seen this break things in the past, so mines already setup to use that by default;

Upload the image into EVE-NG, (I’ve shown the location, on the image below).

Now, SSH into EVE-NG, extract/unzip the image, then copy/rename it to virtioa.qcow2, remove the ZIP file, and finally fix the permissions; (Change the values in bold (below) to match your version);

[box]

cd /opt/unetlab/addons/quemu/bigip-16.0/
unzip BIGIP-16.0.0-0.0.12.ALL.qcow2.zip
mv BIGIP-16.0.0-0.0.12.ALL.qcow2 virtioa.qcow2
rm BIGIP-16.0.0-0.0.12.ALL.qcow2.zip
/opt/unetlab/wrappers/unl_wrapper -a fixpermissions

[/box]

You can now add a BIG-IP LTM VE into your lab.

Select Version 16 > Scroll down.

Change the Console to VNC > Save.

Power it on.

Log in, the DEFAULT USERNAMES AND PASSWORDS are;

Username: root Password:default

Username: admin Password: admin

You will be asked to change the passwords. (Note: The admin password may expire straight away so you will need to change it again when you log into the web console!)

To ‘Get Access’ you will need to configure the Management Network on the F5, to do that run the config command.

I don’t wish to insult your intelligence by walking though these steps, set an IP address and subnet mask on the management port.

In ‘Most” cases you wont want a default route on the management network, (normally that’s set on the ‘External‘ network).

Now browse to the appliance from a host on the management network, you will need to log on as the ‘admin‘ user, and (as I mentioned above), I needed to reset the password again!

Now you can configure the appliance, when your trial licences, (unless you bought some lab licences,) come through.

Related Articles, References, Credits, or External Links

NA

TinyCore Linux: Build a ‘Persistent’ Web Server

KB ID 0001697

Problem

Recently I was building a lab for testing load balancing, and needed some web servers, I could have built three Windows servers, but I wanted to run them in EVE-NG, so they had to be as light as I could make them. I chose TinyCore Linux, (I know there are smaller options, but it’s light enough for me to run, and work with).

The problem occurs when you reboot the TinyCore host, it (by default) reverts back to its vanilla state, (that’s not strictly true, a couple of folders are persistent).

So I had to build a server that would let me SFTP some web content into it and allow me to reboot it without losing the web content, settings, and IP address.

Step 1: Configure TinyCore IP & Web Server

This is a two step procedure, firstly I’m going to give it a static IP.

[box]

sudo ifconfig eth0 192.168.100.110 netmask 255.255.255.0
sudo route add default gw 192.168.100.1

[/box]

I don’t need DNS, if you do, then simply edit the resolve.conf file;

[box]

sudo vi /etc/resolv.conf
Add a value e.g.
Nameserver 8.8.8.8

[/box]

If you are scared of  the VI editor see Using the VI Editor (For Windows Types)

To connect via SSH/SFTP you will need opnessh installing, and to run the website, we will use Busybox, to install those, do the following;

[box]

tce-load -wi busybox-httpd.tcz
tce-load -wi openssh

[/box]

You will now need to set a password for the root account, (so you can log on and trasfer web files in!)

[box]

su
passwd
Type in, and confirm a new password!

[/box]

Start the OpenSSH, and TFTP services;

[box]

cd /usr/local/etc/init.d/
./openssh start
cd /etc/init.d/services/
./tftpd start

[/box]

Now create a basic web page, (index.html) which you can update later. Setup the website, then copy that file to a location that will be persistent (you will see why later).

[box]

cd /usr/local/httpd/bin
sudo ./busybox httpd -p 80 -h /usr/local/httpd/bin/
sudo vi index.html {ENTER SOME TEXT TO TEST, AND SAVE}
sudo mkdir /mnt/sda1/wwwsite/
sudo cp /usr/local/httpd/bin/index.html /mnt/sda1/wwwsite/index.html

[/box]

At this point, (if you want) you can use your favourite SFTP client, (I recommend FileZilla or WinSCP) and copy in some live web content to /mnt/sda1/wwwsite/ But ensure the home/landing page is still index.html though!

Step 2: Make TinyCore Settings ‘Persistent’

There may be better ways to do this, this just worked for me, and made sense! There’s a shell script that is executed as the TinyCore machine boots (bootlocal.sh) so if you edit that file and put in the commands to configure the IP, copy the website files from the permanent mount folder, start the web server, then start SSH and TFTP, you end up with a server doing what you want, every time the server boots.

[box]

sudo vi /opt/bootlocal.sh

ADD THE FOLLOWING TO THE BOTTOM OF THE FILE;

sudo ifconfig eth0 192.168.100.110 netmask 255.255.255.0 
sudo route add default gw 192.168.100.1
cp /mnt/sda1/wwwsite/index.html /usr/local/httpd/bin/index.html
cd /usr/local/httpd/bin/
Sudo ./busybox httpd -p 80 -h /usr/local/httpd/bin/
cd /usr/local/etc/init.d/
./openssh start
cd /etc/init.d/services/
./tftpd start

[/box]

Save and exit the file, then finally BACKUP THE CHANGES with the following command;

[box]

filetool.sh -b

[/box]

Related Articles, References, Credits, or External Links

NA

EVE-NG: Committing / Saving Qemu Virtual Machine Settings

KB ID 0001695

Problem

I’ve been working on a load balancing lab in EVE-NG this last week or so. I created some web servers (in TinyCore Linux,) to act as the web servers in that lab. (Essentially they serve a different colour web page so I can test the load balancing is working OK).

Now I wanted to save the changes I made so that I could redeploy the configured servers to multiple labs. But when you deploy a qemu VM as a node in a lab, EVE-NG copies the VM to the lab, and the changes you make, only apply to the node, in the lab, in the pod, you are working on!

So I wanted to update the ‘Master‘ image in EVE-NG, with the one I configured. Here is how to do that;

Solution

Firstly you need to get your POD NUMBER, you can get that from the user management screen, below you can see my user, (you can see already logged on), is using pod number 1.

Now you need to get the LAB ID NUMBER. Open the lab > Shut down the machine that you want to save the changes from > Lab Details > Copy the lab ID number.

Lastly you need the NODE ID NUMBER. Either  select Nodes and take note of the number, or right click the node and the node ID is shown (in brackets).

Armed with those three pieces of information, SSH into the EVE-NG host, and execute the following commands;

[box]

cd /opt/unetlab/tmp/POD-NUMBER/LAB-ID/NODE-ID/

for example;

cd /opt/unetlab/tmp/1/2277307f-b0bc-45a4-831f-a89a716b5841/3/

[/box]

Now depending on the VM/Appliance in question, it may be called hda.qcow2, or virtioa.qcow2 (a quick ls command will tell you!) Take the name and commit the changes with the following command;

[box]

/opt/qemu/bin/qemu-img commit hda.qcow2

[/box]

Job done!

Yes but you wanted three different servers? Correct, I then copied the server (twice) edited the IP address, and the web page served on the two copies and committed the changes back to the original VMs!

Related Articles, References, Credits, or External Links

NA

EVE-NG on VMware ESX Strange ARP Problems?

KB ID 0001601

Problem

I use EVE-NG a lot, it’s an awesome tool. Also I’m lucky enough to have my own ESX servers, so that’s where it lives. I’ve noticed this problem before, but I’ve either given up, and done something else, or it’s manifested itself in an ‘odd’ way that I can work around.

If you’re new to connecting EVE-NG to a live network you might want to read the following post first;

EVE-NG (VMware) Connecting to the Internet

When setting up a new lab, I connected a Ciso IOL router to my cloud object, and it successfully got an IP from DHCP, but could not communicate with the outside world. So I replaced it with a Cisco (Dynamips) router, same thing! So I replaced with with a Cisco ASAv, same thing!

I moved the EVE-NG machine onto its own standard vSwitch, (no difference).


I hadn’t committed the ‘schoolboy error‘ of forgetting to allow promiscuous mode on the port group.

I could also see from my physical network, that there was layer 2 connectivity happening, as it was in in the ARP cache of my core switch.

I did notice that if I waited for a long time, it would start working, so (on the Core Switch) I flushed the ARP cache, and pinged the EVE-NG device and got a response, then it worked fine from EVE-NG, (for a while, in a manner of speaking!) If I tried to NAT any other traffic, or do anything else, then the problem returned. I could keep flushing the ARP cache on the switch, but that’s a bit annoying?

Solution

Well, (in my case) the problem turned out to be a problem with the fact I have ‘teamed‘ physical NICs on the vSwitch, which you can see above (vmnic0, and vmnic7). AS SOON as I removed one, and only had one physical uplink it worked faultlessly?

Everything works now.

Note: I tried changing the load balancing algorithms to ‘Route based on IP hash‘, ‘Route based on source MAC hash, and even ‘Use Explicit failover order‘, none of these worked.

I did see other people in forums that were saying, ‘I only have one physical uplink‘, I’m suspecting that in their case, it’s promiscuous mode was missing, but feel free to comment below, if any one manages a better work-around / fix / explanation.

Related Articles, References, Credits, or External Links

NA

EVE-NG (VMware) Connecting to the Internet

KB ID 0001432

Problem

I did an article a while back on doing this with UNL, so I thought I’d revisit it today for EVE-NG. I really like EVE-NG, for proof of concept work, testing, and just learning new products I cant think of any product better.

But what if you want to connect your labs to the outside world? 

Solution

In all honesty a lot of this article you can skip, I’m just showing you what’s going on down at the Linux level (so you can be sure yours will be OK).

I’m assuming you already have EVE-NG installed and some images in it, and know how to create a lab, and that you want to connect that lab to the internet.

Unlike UNL, EVE-NG will deploy with only one vNIC, (below I’m using vSphere 6), so to keep things nice and simple I’m just going to add one more;

VMXNet3 is fine, just make sure it’s connected to the correct port-group.

Note: You can probably skip down to allowing promiscuous mode below. As the good folk at EVE-NG have configured all the hard stuff for you!

SSH into your EVE-NG server > log on as the root user, and make sure it can see BOTH network cards, with the following command;

[box]ifconfig -a | grep ^eth[/box]

Above you can see the original eth0, and the one I just added eth1.

You probably already have nano installed, (it’s a text editor). But just in case, run the following command;

[box]apt-get install nano[/box]

Use nano to edit/view the network card settings; 

[box]nano /etc/network/interfaces[/box]

Scroll down to the settings for eth1 and make sure it is tied to, (bridged to)  pnet1 (as below). Repeat for any additional network cards.

To exit nano Press CTRL+X, (then if you have made any changes save them).

You can also see a summary of bridged interfaces with the following command;

[box]

brctl show

[/box]

Enable Promiscuous Mode

Your Hyper Visor (VMware) needs to be able to see traffic from your EVE-NG devices, coming out though the vNIC we added earlier, that means a lot of MAC addresses are going to be coming from the MAC address of that vNIC. By default VMWare will block that. so we need to enable promiscuous mode on the port-group that we connected to earlier, (mine was called VM Network).

If you are using the older VMware (Fat) client, see the link at the bottom of the page for the older UNL article.

Edit the port group;

On the Security tab > Tick ‘Override’, and set it to ‘Accept’ > OK.

Forged Transmits: You will also need to enable this, (if you use VLAN tagging in your network!)

Add Cloud Objects to EVE-NG

Above, (if you remember) the vNIC (eth1) was bridged to pnet1. These used to be labelled pnet1, pnet2, etc. Now they are labelled Cloud1, Cloud2, etc.

In your lab workspace add a ‘Network’ object.

Select Cloud1 (remember this is mapped to pnet1, which is bridged to eth1.). You may want to change the name from Net, to something like ‘Internet’.

Connect a device to it, (I’m using a router, because they are quick and easy to setup).

My Network has DHCP on it, so my router picked up an IP from my LAN, and once I’d given it a default route, I now have full internet access from the lab.

Related Articles, References, Credits, or External Links

Unified Networking Lab – Connecting ESX VM to the Internet

ENE-NG and GNS3 – Speed and Duplex Mismatch

KB ID 0000983 

Problem

I don’t know why this happens sometimes with GNS3, and EVE-NG but occasionally I will get a connection between two devices that constantly complains.

%CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on {interface-name} (not half duplex), with {host-name} {interface-name} (half duplex).

For the uninitiated, a speed/duplex mismatch, usually happens when both ends of the link are set differently, or (more commonly) both ends are set to ‘auto’.

[box]

!
interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!

[/box]

Solution

WARNING: DO NOT carry out this procedure on live networking equipment, this is only for use in the GNS3 environment.

If this happens to you, you will sensibly try and set the speed/duplex of both ends of the link correctly, on real networking equipment that would solve the problem like so;

[box]

PetesRouter(config)#interface FastEthernet0/1
PetesRouter(config-if)#duplex full
*Aug 6 13:40:39.815: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
*Aug 6 13:40:41.823: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
*Aug 6 13:40:42.823: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
PetesRouter(config-if)#speed 100
*Aug 6 13:40:47.855: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
*Aug 6 13:40:49.859: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
*Aug 6 13:40:50.859: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
PetesRouter(config-if)#

[/box]

But in some cases on GNS3 it does not, (not sure if it’s a bug?)

Is that happening to you, the only way to stop it is to suppress the error. To do this add the ‘no cdp log mismatch duplex’ command to the interface giving you the error.

[box]

PetesRouter(config)#interface FastEthernet 0/1
PetesRouter(config-if)#no cdp log mismatch duplex
PetesRouter(config-if)#exit
PetesRouter(config)#exit
*Aug 6 13:45:55.235: %SYS-5-CONFIG_I: Configured from console by console
PetesRouter#write mem
Building configuration...
[OK]
PetesRouter#
[/box]

Related Articles, References, Credits, or External Links

NA