This is my first live stream; I know how to do some stuff, to create my labs
and I was tinkering around my labs and I thought I could show you guys how to do this.
I'm going to show you how to set up the GNS3 and the Packet Tracer on a remote server
I'm going to use two servers: I'm going to set up the GNS3
on an Ubuntu server and the Packet Tracer on a Windows server.
Why am I using Packet Tracer and GNS3?
Because both are the most popular and they are both free.
I'm going to set up those remote servers in
Amazon Web Services (AWS), mainly because they have the free tier
this can also be applied to Google Cloud Provider, Azure
and Linode. I'm going to show you with the AWS
also because it's the most popular.
Packet Tracer is a network simulator,
which means that it models some aspects of the
systems that we're going to use. What we're going to try to do with those
tools is to set up our own network architecture and to try
out some things - that's what the training
is and I'm going to show you how to install that.
Packet Tracer has some limitations with the equipment
features inside that; it is free, it is easier to
install, it is easier to use but some commands might not work
how you'd expect and some commands don't work; that's the
downside of it. GNS3, it is a network emulator: it enables us to use
the actual system. The good side of GNS3 is that you can use it to run real
IOS images or real network devices images, using them in virtual machines but the
problem of that is: first, you have to have access to
those images with Cisco (is not free)
you have to have a legal contract with Cisco to download
those IOS images but there are other images that can use;
you can set up more complex scenarios that require more CPU usage because
you're basically going to have a bunch of routers and switches as you
would on a production environment, most likely you're not going to be able
to support that in a desktop. You're going to need a
server for that
 - that's why I'm going to set up a GNS3 on a server.
First you need to be registered in the net academy with Cisco.
Resources; download Packet Tracer; there is the information that you need.
Should I install the Packet Tracer on
my desktop? Yes, it's probably gonna work.
You gotta check the requirements here first.
Why am I doing this on a remote server? Because
maybe you don't want to install something on your machine or you don't
have the access to or you don't want to mess up
your home setup, you're not sure how to do it. Setting this up on a remote server
is just a convenience: you'll learn how to do something on Windows remote server.
With an AWS account, console, EC2. Let's go to instance.
Launch instance. I'm going to Windows free tier eligible. That's a free tier eligible.
It's a T2 micro - let's configure instance details.
We're not going to change anything here. Add storage,
we're not going to change anything here. Let's add
a tag. Give it a name: this is our
PacketTracer- winserver
Security Group: that is required, because without that you're not going to be
able to remote login into this winserver.
Windows server with packet tracer. The only access that we
really need for this is RDP (Remote Desktop), on TCP port
3389 and I recommend that you use MyIP so you
can restrict the access to this instance.
I'm not gonna do that so you don't see my IP address.
If you have a network connection that changes the
IP address received from your provider
this is going to be a little bit harder to keep
MyIP here so you can use a custom or you could keep it in the way it is.
This is a RDP access. For Windows you'll only need RDP.
Please don't open any more ports if you're not going
to use them. If you are going to use SSH or other kind of
connection - I really don't recommend that -
for what we're going to do, RDP is enough. Security group is one layer of security
because we're going to use access key, the credentials to
really access the server; so this is one of the layers
the first layer within AWS security.
Review and launch.
Because I opened it to the world, it's letting me know that I'm not being wise.
The recommendation is use MyIP as it's going to only permit your IP
to access. Now, this is a little review of what
we're doing and launch. We're going to create a security key pair
I don't have any key pairs; we have to
create a new key pair. And you have to download
that key pair because you're gonna use it later.
Here it is: "You have to download the private key blah blah blah"
It's launching our Windows instance; it is launching here
you can see the status of that: it is still
pending. You can see the name that you
created as a tag is here; it is status checking the instance state
the availability zone I'm using; what is the instance type;
this is the instance ID... It can take a while but it's usually pretty quick
We have it running! Connect; a standalone RDP client
If you're on a Windows machine, you're probably gonna have
a RDP client already installed: it's really a staple for Windows.
If you're using a Linux, like me, I use Remmina.
It's an RDP client. I have a remote desktop.
How do we connect? I have here the public DNS. I copy that here.
Username is Administrator. Password: remember that key pair that we created?
Let's generate the password with that.
See? We're using the key name twitch-stream
we're going to get that file, this is the key
we're going to decrypt that password into something that we can
copy and paste and we are good!
Okay, let's open an explorer with netacad.com
let's login; resources; download
packet tracer; windows 64-bit download
run and here we got the good ol' next-next-finish
We got here! Packet Tracer ready to go.
I'm done for today but if I'm about to log off, I will only have access to that file
that I just created - that lab - if the server continues to run!
We're still using AWS resource and I'm going to continue to pay
for that while we have this running for the
EC2, for the storage, and I don't want to be charged on that!
I made this mistake once... I forgot to terminate my server...
Let's just say that even with the free tier, it only gives you a limit
of usage for free. If you extend that usage you start to pay;
I learned that the hard way.
Don't do that. Don't forget to terminate your instance.
But if you want to keep files, I recommend
that we store them in an S3 bucket. How do I do that?
We're going to install into the server
AWS CLI so we can access everything else on the AWS if you want
inside this server. There is one little thing called
docs.aws.amazon.com - that can really help you with that
command line interface; let's install the AWS CLI version 2
on Windows. Let me just get the information that we need... Let's copy this
link location
yeah save that too and run; next; next; next;
install; finish and I'm gonna open a command prompt or powershell
to configure the AWS CLI configuration basics.
I need access key. Do I have an access key? We can create one.
Let's go to Identity & Access Management (IAM). I have my user; this is me;
and security credentials
and by the way, if you're not using a user
if you're using your root; if you don't have
another individual user different from root
you're doing this wrong! This is a security breach!
Don't use your root account for everything.
Security credentials I have one access key
but let me create another access key so you have the idea
Create access key; download the CSV file; you have to download it.
If you don't download it you're not going to see this anymore, you cannot recover.
This is the file, we have an access key
and a password. Let's get back here 'aws configure' what is my access key id?
This one. Password? What is my region?
I'm looking here on the IAM
and I'm still on Global because it does not
require region selection to work but let's get back to
our EC2 to see where we created that
instance we're using ca-central. Here ca-central-1
and the output format is json.
Now let's create an S3 bucket.
aws s3 'make bucket' mb
s3://twitch-lab - I just made a bucket! Let's see if that
bucket exists. S3; buckets.
On S3 also are global so here we are: twitch-lab on ca-central
I just created that. Nice!
But our bucket is still empty
This is where we save our test lab
aws s3 cp 'copy' test-lab s3://twitch-lab
if we list our files
you see, we have our test lab and
if we look it here, oh!
I'm going to create an AMI
image from that. I'm going to take a snapshot of what we've done
so far I'm going to save that image and I'm going to terminate my instance
when I need to launch my instance again, instead of
getting that generic image with nothing
I get this one that is already customized for me with the
Packet Tracer installed, the AWS CLI installed, with the
server here selected I'm going with actions
instance image. I'm going to create an image.
Give it a name. This is my PacketTracer-winserver-ami
when it's done it's going to appear right here
Still pending... It can take a few minutes, it's taking the snapshot
So Packet Tracer? All good, it's pretty simple.
GNS3, on the other side, is a bit more complicated.
We're not going to simply remote connect to the server and do
work there; what we want to do is use a GNS3 client locally
to access the GNS3 server remotely, on our AWS instance and the
IOS and other images are going to be running there
but we're going to be coordinating all this and going to
use GNS3 locally. Does that make sense? To do that we have to establish a
connection, a secure connection, and we have to have
a GNS3 client on our machine and the GNS3
server on a remote server
We're going to launch another instance
for that, for the GNS3. I'm going to use Ubuntu.
Also on the free tier; T2 micro free tier. Here we can do a little thing that is a
good practice. It's like you received a CD or a pendrive
or something, it could be already out of date
that system. We're going to give some updates before
we start anything. Here on advanced details we're going to
add as a text: sudo su
apt-get update
apt-get upgrade -y
What I'm doing here is giving root access to perform this action then I'm updating
my repository on that server. If I give an update, I force
the packet system to update this repository list, so with the repository list
updated, I can compare if my system is up to date
and then I issue an apt-get upgrade to check what is on the repo list
and upgrade what needs to be upgraded. If there's something that is already up to
date, that's okay, I don't need to change that; but if it's something that is
out of date, it's going to be upgraded to a newer
version and the '-y' is just "don't require me to give the okay"
the yes to answer "do we want to upgrade?"
already assume that I give it a yes.
When I log in into the server for the first time it's already
up-to-date system. Add storage; I'm not going to change anything here
Let's add a tag for the name; this is our
GNS3-Ubuntu. Create a security group
Can I use a security group that I already have? No, because you don't have
the credentials that I'm going to say you need to
So let's create a new one. This is going to be the GNS3
server. SG for GNS3 server. It already assumes that you're
going to use SSH on port 22 TCP to login into the server and it's right.
I also recommend that you use MyIP here
I'm not going to put it here so you don't see my IP
but it's the same scenario
instead of using RDP to connect we're going to use
SSH because we're not going to install any
graphical interface for the Linux. I'm not gonna need it.
Now we need two rules that are going to be important
second rule is a custom UDP rule; the UDP port
1194 - I also recommend MyIP but
I'm not going to show you guys. This is the port
for the OpenVPN. When you create the tunnel between my
client and this server remotely. We're gonna use OpenVPN as the
tool to create a tunnel; that's a secure tunnel, a VPN tunnel
that's what I'm doing here and I'm going to add another rule that is very
specific for this case: that is a custom TCP rule
on port 8003. Also I would recommend MyIP
and this is the port that is going to serve
the VPN config. We're going to download the config
that's going to be generated by this server to create our tunnel
It's going to get a little clearer when we get to the configuration on the
server itself. What we're doing here is going to open
specific ports for what we're going to do; that is
first download the VPN config from the server
that is serving our VPN and the port for the VPN connection itself
I'm going to review this; launch. Do we need to create a new
key pair? Not really. We can use
the same key pair. I already have that downloaded so we're
going to launch the instance. Wow, it's already running!
we have selected; connect. So we're going to use
a standalone SSH. Let's take a look. We have the access keys, we have the
twitch-stream that is our key pair but it requires that
I change the mod to 400. What does that mean? It means that
I have to change this little thing here. The actual key
for this one is 664. Actually going to change
from 664 that is read, write and execute
for owner, group and all to 400 that means
only read from the owner, nothing - no access - for the group, no access for
everyone else. We're changing the key to mod 400. Now, if you do that again
change it to 400. We have to do this first.
Now we're going to connect to this public DNS
and it already gives us what it should be.
Here is our command SSH using that key pair
login on the SSH as user Ubuntu at my EC2 instance
-this entire name- Are you sure you want to continue connecting? Yes.
The public DNS that we use is this one
and the public IPv4 IP is this one; this is the one that we're
connecting to. The private IP is 172.31.17.192
172.31.17.192 This is not our tunnel IP address
this is not our VPN, this is just a server
and if we try to connect to this IP address and I'm not going to make it.
sudo su - Let's get it to root, we have to install GNS3
docs.gns3.com - get started; installation
on a remote server. Let's get this and...
this can take a few minutes. I'm going to install the GNS3
and OpenVPN, not just going to install GNS3 - it's going to also install
OpenVPN. So we can pull the VPN information and
create a tunnel. In the meantime, the documentation for
this script is on the GNS3 official documentation site.
We're going to use openvpn.net
it's cross-platform; you can use in Windows, MacOS
Linux... It can be used on a bunch of different servers.
We got it done! We finished installation now
setup is over. We need to reboot the server
as root so we can put a 'reboot now'. It's going to kick me out. It can
take a few minutes... But you see? My connection was refused
because it's still not finishing rebooting
the first thing that you can see here and first thing it gives me
is 'download the vpn configuration here'. You see that the
IP address that it provides me it's the public IP address
35.183.112.114
port 8003. That's the
port that we open on the security group. That was
necessary. If I did not put that on the security group
I would not be able to download this because the VPN
configuration is ready only by this path on the port 8003
Let's take this. Download it. That's the VPN config. Now I can connect
on OpenVPN; I already had it installed and I'm going to use that file that is...
operation not permitted
okay, that's because I'm not as root!
Now it's connecting, connecting... Initialization sequence completed!
GNS3 client. You see that it is configured for
local server. Let's cancel that. You see it's using Fedora, that is my
Linux, when I installed the GNS3 and you're gonna see that when you install
the GNS3 on your machine it's going to install both client
-the GUI- and the server on local machine. It can run
everything locally but it gets to a time that your machine
cannot take it, it's a lot of VMs running at the same time and you
don't have the hardware, the physical resources to do it
so that's why we're setting up a server. I'm going to Edit
Preferences; Server. We're going to disable that
and it opens here for a host and a port
the port is the same, it is 3080 and you might ask me but why didn't we open port 3080 on
the security group? Because we don't have to, we're already
on our tunnel open for the VPN. But now
what is the host? Is it that 35.183... No! That is the public IP
for the server. That server is not listening on the port 3080
and it's not serving GNS3 on the port 3080. Where does it serve it?
Let's check for the IP
addresses but I want to know about my tunnel
What did I do here? I used the command 'ip addr'. I want to check all the
IP addresses. I could use 'ifconfig' but that is
deprecated. It's good to know both commands.
Here I have the tunnel 1194, that is the UDP port for the OpenVPN
this is our tunnel and the IP address for that is
Let's get back to that IP address tunnel 1194
IP 172.16.253.1 - I put it here on localhost, I don't need any authentication
already in the VPN. Let's apply; it's checking for the local
server... Let's check in here... main server, now we are remote!
See? This is our OpenVPN connection
Let's drop the connection. The GNS3 server
is connection refused! See? Error! Because I just closed the VPN
I dropped the tunnel so it cannot connect anymore to that IP address that
is an internal IP address for that instance. We can install aws cli
is not really required. Differently from the
Windows machine. There we didn't have connection to outside world
to save our labs. Here with GNS3 we're doing this
locally. We are running things remotely but
everything else we're doing locally so I'm just going to
show you how to do it just for the sake of it. Remember CLI
on Linux now. We get this; let's do it; unzip it
now I can use 'aws version'; 'aws configure'
Remember this little guy? Region name: ca-central-1
I also want to create an image from that
Why? Because we don't want to keep this server running
without doing anything on it and paying for that!
We can create an image. Same stuff: gns3-server-ami; create image
our packet tracer should be available and here is this snapshot for that
here it is, completed!
this one is still pending; that's what we're doing right now and this is
completed; which means we can stop and terminate the other
instance -the packet tracer instance- that we do instance state
stop; shutting down.
That's it, folks. Talk to you in the next one!
