It is currently Thu Jun 21, 2018 10:42 am


All times are UTC




Post new topic Reply to topic  [ 4 posts ] 
Author Message
 Post subject: Connecting GNS3 to real networks without root using OpenVPN
PostPosted: Thu Mar 06, 2014 8:09 pm 
Offline

Joined: Thu Mar 06, 2014 7:25 pm
Posts: 2
Hi, I've just come up with an interesting setup I'd like to share. Maybe it's described somewhere else or there might be a better way, but it seems to be working well. The purpose is to connect GNS3 to real networks without running the simulator with administrative privileges. The idea is to terminate a cloud NIO UDP link using OpenVPN, a tap device and a bridge. The example below shows the steps assuming a Linux (remote) host.

Configure the host to terminate your NIO UDP link. We will use a tap device named tapR1

ip tuntap add dev tapR1 mode tap
ip link set dev tapR1 up

and an OpenVPN daemon without any cipher configured

vi /etc/openvpn/R1.ovpn
proto udp
port 20001
cipher none
dev tapR1

Although we would already be able to capture ethernet packets in tapR1 (e.g. via "tshark -i tapR1"), this device is not yet "connected" to the host. For that we need a bridge:

brctl addbr br0
brctl addif br0 tapR1

brctl show
bridge name bridge id STP enabled interfaces
br0 8000.16d7ccd907dd no tapR1

Note that there is no need to attach eth0 to br0, as you can forward packets to and from the bridge:

ip addr add 10.0.0.1/24 dev br0
ip link set dev br0 up

echo 1 > /proc/sys/net/ipv4/conf/eth0/forwarding
echo 1 > /proc/sys/net/ipv4/conf/br0/forwarding

Finally, start the OpenVPN daemon using R1.ovpn and in GNS3 configure a NIO UDP link to point to the remote host port at port 20001. Now you should be able to use 10.0.0.1 as a gateway to the physical network. HTH




Top
 Profile  
 
 Post subject: Re: Connecting GNS3 to real networks without root using Open
PostPosted: Fri Mar 07, 2014 11:45 am 
Offline

Joined: Sun Sep 16, 2012 9:55 pm
Posts: 541
Location: England
If your running GNS3 on linux, there's no need to run as root... You can just give dynamips the required permissons using setcap, which is what is done with the .deb packages.

Details are here: topic6251.html

_________________
Daniel
Forum Moderator & Debian Package Maintainer for GNS3, Dynamips & VPCS.
Standalone DEB Packages are available from http://gns3.serverb.co.uk - To be updated!


Top
 Profile  
 
 Post subject: Re: Connecting GNS3 to real networks without root using Open
PostPosted: Sun Mar 09, 2014 9:31 am 
Offline

Joined: Thu Mar 06, 2014 7:25 pm
Posts: 2
Hello Daniel,

yes, I'm running GNS3 on Linux too and I was unaware of setcap.

Thank you, it works now without the vpn setup.

Regards


Top
 Profile  
 
 Post subject: Re: Connecting GNS3 to real networks without root using Open
PostPosted: Sun Mar 09, 2014 12:40 pm 
Offline

Joined: Sun Sep 16, 2012 9:55 pm
Posts: 541
Location: England
Glad that sorted the problem for you!

On another note... if your using a Debian/Ubuntu distro, i'd recommend using the deb packages, which take care of the setcap.

For Ubuntu: either use the PPA (topic6666.html) or from 14.04 (Trusty Tahr) the multiverse repository
For Debian: the latest package is available in Testing/Unstable, but this would need to be recompiled for Wheezy (Stable)... (When I get around to it, I shall try and get a backport uploaded... and my standalone packages updated too!)



_________________
Daniel
Forum Moderator & Debian Package Maintainer for GNS3, Dynamips & VPCS.
Standalone DEB Packages are available from http://gns3.serverb.co.uk - To be updated!


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 4 posts ] 

All times are UTC


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group

phpBB SEO